1
APEC so‘zining to‘liq shakli nima?
What does the full form of APEC ?
Asia-Pacific Economic Cooperation
_________ — bu ishonch hali o‘rnatilmagan vaziyatlarda maxfiylikni saqlash maqsadida shaxsiy ma’lumotlarni oshkor qilmaslik amaliyotidir.
_________ is the practice of withholding personal information to maintain a sense of privacy, especially in situations where trust has not yet been established.
Reserve
………. — bu o‘z shaxsini oshkor qilmasdan harakat qilish yoki o‘z fikrini ifoda etish qobiliyatini anglatadi. Bu tanilmaslik, shuningdek, shaxsiy ma’lumotlarga nisbatan keraksiz e’tibor yoki aralashuvning oldini olish haqida.
………. - refers to the ability to act or express oneself without revealing one's identity. It’s about staying unrecognized and preventing unwanted attention or intrusion into one's personal information.
Anonimity
Maxfiylik insonlarga o‘z fikrlari, harakatlari va qadriyatlari ustida tashqi hukmsiz mulohaza yuritish imkonini beradi. Bu ichki tahlil va o‘zini anglash uchun joy yaratadi, insonning o‘zini chuqurroq tushunishiga va shaxsiy o‘sishga yordam beradi.
Privacy allows individuals to reflect on their thoughts, actions, and values without outside judgment. It provides the space for introspection and self-reflection, helping one gain a deeper understanding of themselves and fostering personal growth.
Self evaluation
…… — bu shaxsiy, maxfiy yoki nozik ma’lumotlarni xavfsiz saqlash va ularni faqat ruxsat berilgan yoki ishonchli shaxslargagina ulashish amaliyotini anglatadi. Bu ma’lumotlarning ruxsatsiz shaxslarga oshkor qilinmasligi va ruxsatsiz kirishlardan himoyalangan bo‘lishini ta’minlash haqida.
…… - refers to the practice of keeping personal, sensitive, or private information secure and sharing it only with those who are authorized or trusted to receive it. It is about ensuring that information is not disclosed to unauthorized individuals and is protected from unauthorized access.
Confidentiality
Ma’lumotlar maxfiyligini himoya qilish bo‘yicha birinchi xalqaro yo‘riqnoma qaysi?
What is the first international guidelines on data privacy protection ?
Organization for Economic Cooperation Development ( OECD )
…. — bu shaxsni aniqlash uchun ishlatilishi mumkin bo‘lgan har qanday ma’lumotni anglatadi, u yakka holda yoki boshqa ma’lumotlar bilan birlashtirilgan holda aniqlash imkonini beradi.
…. - refers to any data that can be used to identify an individual, either on its own or when combined with other information
Personally Identifiable Information
Kanadadagi asosiy ma’lumotlarni himoya qilish qonuni qaysi?
What is the primary data protection law in Canada ?
Personal Information Protection and Electronic Documents Act (PIPEDA)
….. — bu Yevropa Ittifoqi (EU) tomonidan Yevropa Ittifoqi va Yevropa Iqtisodiy Hududi (EEA) ichidagi shaxslarning maxfiyligi hamda shaxsiy ma’lumotlarini himoya qilish uchun joriy etilgan nizomdir. U tashkilotlar shaxsiy ma’lumotlarni qanday yig‘ishi, qayta ishlashi, saqlashi va boshqarishi kerakligi bo‘yicha ko‘rsatmalarni belgilaydi hamda shaxslarning o‘z ma’lumotlari ustidan nazoratga ega bo‘lishini ta’minlaydi.
….. is a regulation implemented by the European Union (EU) to protect the privacy and personal data of individuals within the EU and the European Economic Area (EEA). It establishes guidelines on how organizations should collect, process, store, and manage personal data, ensuring that individuals have control over their own information.
GDPR
…. — bu Yevropa Ittifoqidan (EU) ma’lumotlarni teng darajadagi ma’lumotlarni himoya qilish qonunlariga ega bo‘lmagan davlatlarga uzatishda shaxsiy ma’lumotlarni himoya qilish uchun yaratilgan tizimdir. Ushbu tizim kompaniyalarga Yevropa Ittifoqi va, masalan, Amerika Qo‘shma Shtatlari kabi davlatlar o‘rtasida ma’lumot almashish imkonini beradi, biroq qabul qiluvchi tashkilot ma’lumotlarning xavfsizligini ta’minlash uchun belgilangan maxfiylik standartlariga rioya qilishi shart.
…. is a framework created to safeguard personal data transferred from the European Union (EU) to countries without equivalent data protection laws. It permits businesses to move data between the EU and countries such as the United States, provided the receiving entity follows specific privacy standards to ensure the data’s protection.
The Safe Harbor Principle
Shaxsiy ma’lumotlar u yig‘ilgan maqsadlarga bevosita tegishli bo‘lishi kerak. U yuqori darajadagi aniqlik va to‘liqlikka ega bo‘lishi, shuningdek, o‘z dolzarbligi va maqsadga muvofiqligini ta’minlash uchun davriy ravishda yangilanib turilishi lozim.
Personal data must be directly applicable to the objectives for which it was gathered. It should maintain a high degree of accuracy, comprehensiveness, and be periodically revised to ensure its relevance and currency in relation to the intended purposes.
Data Quality
Shaxsiy ma’lumotlar uchun mas’ul bo‘lgan shaxslar barcha ma’lumotlarga oid harakatlar tegishli qoidalarga muvofiq amalga oshirilishini ta’minlash uchun javobgardirlar. Ular shaxsiy ma’lumotlar maxfiylik qoidalari va yo‘riqnomalariga muvofiq tarzda to‘g‘ri qayta ishlanishini ta’minlashlari kerak.
Those in charge of personal data must be responsible for ensuring that all actions related to the data comply with the relevant regulations. They must ensure personal data is handled properly, in accordance with privacy rules and guidelines.
Accountability
Bu global tashkilot maxfiylik va ma’lumotlarni himoya qilishni rivojlantirishga yo‘naltirilgan. U sohadagi mutaxassislar uchun resurslar, treninglar, sertifikatlar va tarmoq imkoniyatlarini taqdim etadi. Tashkilotning maqsadi — insonlarga maxfiylik bilan bog‘liq muammolarni boshqarishda yordam berish hamda butun dunyo bo‘ylab turli sohalarda yaxshiroq maxfiylik amaliyotlari va me’yorlarini targ‘ib qilishdir.
This global organization focuses on advancing privacy and data protection. It offers resources, training, certifications, and networking for professionals in the field. Its mission is to help individuals manage privacy challenges and promote better privacy practices and regulations across industries worldwide.
International Association of Privacy Professionals
…….. — bu shaxsiy ma’lumotlar qanday va nima maqsadda yig‘ilishini, ishlatilishini hamda qayta ishlanishini belgilovchi tashkilot yoki jismoniy shaxsdir. U ma’lumotlarni qayta ishlash jarayoni maxfiylik qonunlari va qoidalariga muvofiq amalga oshirilishini ta’minlaydi hamda o‘z boshqaruvidagi ma’lumotlarni himoya qilish uchun javobgar hisoblanadi.
…….. - is an entity or individual responsible for determining how and why personal data is collected, used, and processed. They ensure that data handling complies with privacy laws and regulations and are accountable for protecting the data they manage.
Data Controller
APEC tomonidan “hukumat tomonidan qo‘llab-quvvatlanadigan ma’lumotlar maxfiyligi sertifikati” sifatida ………………………………………………………… joriy etilgan. Ushbu tizim APEC Maxfiylik Ramkasiga asoslanadi va hukumatlar hamda kompaniyalar uchun ma’lumotlarning chegaralararo oqimini tartibga solish bo‘yicha huquqiy standartni belgilaydi.
APEC introduced the ………………………………………………………… as a "government-backed data privacy certification." This framework builds on the APEC Privacy Framework and establishes a legal standard that both governments and companies can use to regulate cross-border data flows.
Cross-Border Privacy Rules (CBPR)
……………… tashkilotning ma’lumotlar maxfiyligi qonunlariga rioya etishini ta’minlash, ma’lumotlarni qayta ishlash faoliyatini nazorat qilish va ma’lumotlarni himoya qilish amaliyotlari bo‘yicha maslahat berish uchun mas’uldir. Ular maxfiylik bilan bog‘liq masalalar bo‘yicha aloqa nuqtasi sifatida faoliyat yuritadilar va ma’lumotlar xavfsizligi bilan bog‘liq xatarlarni boshqarishda yordam beradilar.
……………… is responsible for ensuring an organization complies with data privacy laws, overseeing data processing activities, and advising on data protection practices. They act as a point of contact for privacy concerns and help manage data security risks.
Data Protection Officer (DPO)
……… — bu tashkilotlarning ma’lumotlarni qayta ishlash amaliyotlari haqida oshkora bo‘lish talabi bilan bog‘liq tamoyilni anglatadi. Ushbu tamoyil shaxslar o‘z shaxsiy ma’lumotlari qanday yig‘ilishi, ishlatilishi va ulashilishini bilishlari kerakligini belgilaydi. Tashkilotlar ma’lumotlarni qayta ishlash jarayonlari haqida aniq va tushunarli ma’lumot taqdim etishlari hamda shaxslar o‘z ma’lumotlariga doir huquqlaridan xabardor bo‘lishlarini ta’minlashlari lozim. Maqsad — ma’lumotlarni qayta ishlash faoliyatida ochiqlik va halollik orqali ishonchni shakllantirishdir. Bu PIPEDA'ning qaysi prinsipi?
……… - refers to the requirement for organizations to be transparent about their data processing practices. This principle mandates that individuals are informed about how their personal data will be collected, used, and shared. Organizations should provide clear, accessible information about their data handling practices and ensure that individuals are aware of their rights regarding their data. The goal is to foster trust by being open and honest about data processing activities. Which principle of PIPEDA ?
Openness / Transparency
___________ nazorat choralari hujum sodir bo‘layotganini aniqlash uchun mo‘ljallangan bo‘lib, ular qanday turdagi hujum ekanligini, qayerdan kelganini, nimalardan foydalanganini va agar omadingiz kelsa — kim tomonidan amalga oshirilganini aniqlashga yordam beradi.
___________ controls are designed to identify that an attack is occurring, including what kind of an attack, where it came from, what it used, and, if you’re lucky, who may be behind it.
Detective
___________ nazorat choralari hujumdan kelib chiqadigan zararni kamaytirish uchun mo‘ljallangan.
___________ controls are designed to minimize the damage from an attack.
Corrective
____________________ — bu tizimlar, tarmoqlar va ilovalar bo‘ylab bir nechta himoya choralari yordamida tahdidlarga qarshi kurashishga mo‘ljallangan qatlamli xavfsizlik strategiyasidir. Asosiy g‘oya oddiy: agar bir qatlam muvaffaqiyatsiz bo‘lsa, boshqalari baribir himoyani davom ettiradi.
____________________ is a layered security strategy that uses multiple defensive measures across systems, networks, and applications to protect against threats. The core idea is simple: if one layer fails, others still stand.
Defense in Depth
_____________________ — bu tajribasiz yoki malakasiz xakerlar bo‘lib, tizimlarga hujum qilish uchun boshqalar tomonidan yaratilgan oldindan tayyorlangan vositalar, skriptlar yoki eksploitlardan foydalanadilar — va bu vositalarning qanday ishlashini to‘liq tushunmaydilar.
_____________________ are unskilled or inexperienced hackers who use pre-made tools, scripts, or exploits created by others to attack systems—without fully understanding how those tools actually work.
Script Kiddies
_________________________ — bu tizim, veb-sayt yoki tarmoqni mo‘ljallangan foydalanuvchilar uchun mavjud bo‘lmasligini ta’minlashga qaratilgan kiberhujum bo‘lib, uni ortiqcha trafik yoki zararli so‘rovlar bilan bosim ostiga qo‘yadi.
_________________________ is a cyberattack that aims to make a system, website, or network unavailable to its intended users by overwhelming it with excessive traffic or malicious requests.
DoS (Denial of Service)
Bu — aktivni tiklash kerak bo‘lgan aniq vaqt nuqtasidir. Bu qaysi aktiv metama’lumotiga (Asset Metadata) tegishli?
This is the particular point in time you’ll need the asset to recover to. Which Asset Metadata is it?
RPO (Recovery Point Objective)
____________ — bu ma’lumot jo‘natuvchi qurilmada shifrlanib, faqat qabul qiluvchi qurilmada shifrdan yechiladigan himoya modelidir. Bu jarayonda xizmat ko‘rsatuvchi provayderlar, xakerlar yoki hatto platformaning o‘zi ham ma’lumotga kirish yoki uni o‘zgartirish imkoniga ega bo‘lmaydi.
_________________ refers to a protection model in which data is encrypted on the sender’s device and only decrypted on the recipient’s device — ensuring that no intermediary (such as service providers, hackers, or even the platform itself) can access or alter the data while it’s being transmitted.
End-to-End Security