Which of the following is considered the best way to protect Personally Identifiable Information (PII) from Web application vulnerabilities?
A. Use cryptographic storage to store all PII
B. Use encrypted communications protocols to transmit PII
C. Use full disk encryption on all hard drives to protect PII
D. Use a security token to log into all Web applications that use PII
Explanation:
As a matter of good practice, any PII should be protected with strong encryption.
https://cuit.columbia.edu/cuit/it-security-practices/handling-personally-identifying-information
The correct answer is B
Use encrypted communications protocols to transmit PII
Sorry, copied the wrong response… The correct answer is
A: Use cryptographic storage to store all PII
https://cuit.columbia.edu/handling-pii
quote from the site which they mention in the answer
According to Columbia University policy, any sensitive data, such as PII, that must remain on University workstations should be encrypted with 256-bit encryption (at minimum). Policy also requires that any files containing sensitive or confidential information must be encrypted and password protected before being transferred to another party via email or any file transfer method.
then the answer should be B
Sorry, copied the wrong response… The correct answer is
A: Use cryptographic storage to store all PII