Exam CISSP topic 1 question 18 discussion

policy vs encryption = management vs technical staff. Which is more important? I choose policy because CISSP needs you to think like a manager..

I'm for the "B", encryption is part of the policy.

What's the best way to protect your data assets? A: Encrypt them B: Write a policy to tell everyone to keep them safe. In fact, write a policy that says no one's allowed to look at it without your permission and CERTAINLY no one from outside the company is allowed to access it. That'll fix it! .... seriously?

Encryption ensures that even if data is intercepted or accessed without authorization, it remains unreadable and secure.

Protecting data is not only protecting the confidentiality (encryption). It does not guarantee availability or integrity.

A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms. Here's why: While all the options listed are important components of a comprehensive security strategy, encryption directly protects the confidentiality and integrity of data, even if other defenses fail. It ensures that: Data in transit (e.g., over networks) is protected from interception. Data at rest (e.g., on servers or storage devices) is protected from unauthorized access. Modern cryptographic algorithms reduce the risk of data being compromised due to outdated or weak encryption.

B encompasses the others.

A is the proactive method. B the reactive. A is preferred

Encrypting data in transit and at rest ensures that even if attackers intercept or access the data, they cannot read or misuse it without the decryption keys. This directly protects the confidentiality and integrity of the data itself, which is the core of safeguarding data assets.

While monitoring and enforcing security policies (option B) is crucial for overall security, encryption directly protects the confidentiality and integrity of data by ensuring that unauthorized individuals cannot access or alter the data. Encryption of both data in transit and data at rest provides a robust layer of protection, especially in case of data breaches or unauthorized access. In contrast, enforcing security policies (option B) helps manage and guide actions, but without encryption, data might still be vulnerable even if policies are in place. Therefore, option A is the best choice

The best answer is: A. Encrypt data in transit and at rest using up-to-date cryptographic algorithms. Explanation: While all the options contribute to security, encryption is the most fundamental and effective way to protect data assets from unauthorized access, even if other security controls fail. Proper encryption ensures data confidentiality and integrity, whether it is stored (at rest) or transmitted (in transit). • B (Monitor and enforce adherence to security policies): This is important but does not directly protect data assets—it’s more about governance and compliance. • C (Require MFA and Separation of Duties): These measures strengthen access control but do not directly protect data at rest or in transit. • D (Create a DMZ with proxies, firewalls, and bastion hosts): This helps protect network boundaries but does not directly safeguard stored or transmitted data. Encryption remains the most effective safeguard for data security across various attack vectors.

Encryption only PROTECTS data

Think like a manager

Policies lay the groundwork for all the other options mentioned.

B. A, C, and D are all valid ways to protect data assets. B is the one solution that can implement all of them.

When choosing answers, the order of priority should be People, Processes, Technology....Technology usually goes last. Think like a manager on this one.

Choose b as security policies may include using encryption. B in all encompassing and is a managerial selection vs a technical one.