Richard is a network administrator working at a student loan company in Iowa. This company processes over 20,000 student loans a year from colleges all over the state. Most communication between the company, schools, and lenders is carried out through email. Because of privacy laws that are in the process of being implemented, Richard wants to get ahead of the game and become compliant before any sort of auditing occurs. Much of the email communication used at his company contains sensitive information such as social security numbers. For this reason, Richard wants to utilize email encryption agency-wide. The only problem for Richard is that his department only has a couple of servers, and they are utilized to their full capacity. Since a server- based PKI is not an option for him, he is looking for a low/no cost solution to encrypt email.

What should Richard use?

A.
3DES

B.
RSA

C.
PGP

D.
OTP

Explanation:
PGP (Pretty Good Privacy) is an encryption program being used for secure transmission of files and e-mails. This adapts public-key encryption technology in which pairs of keys are used to maintain secure communication. For PGP-based communication both the sender and receiver should have public and private key pairs. The sender’s public key should be distributed to the receiver. Similarly, the receiver’s public key should be distributed to the sender. When sending a message or a file, the sender can sign using his private key. Also, the sender’s private key is never distributed. All encryption is made on the workstation sending the e-mail.