You are an information systems security officer at a mid-sized business and are called upon to investigate a
threat conveyed in an email from one employee to another.
You gather the evidence from both the email server transaction logs and from the computers of the two
individuals involved in the incident and prepare an executive summary.
You find that a threat was sent from one user to the other in a digitally signed email. The sender of the threat
says he didn’t send the email in question.
What concept of PKI – Public Key Infrastructure will implicate the sender?

A.
Non-repudiation

B.
The digital signature of the recipient

C.
Authentication

D.
Integrity

Explanation:
Non-Repudiation makes sure that a sender is unable to deny sending a message.
Incorrect Answers:
B: A digital signature guarantees the authenticity and integrity of a message by making use of hashing
algorithms and asymmetric algorithms. It will not implicate the sender.
C: Authentication refers to the verification of the identity of a user who is requesting the use of a system and/or
access to network resources.
D: Integrity is upheld by providing assurance of the accuracy and reliability of information and systems and
preventing any unauthorized modification.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, pp. 23, 162, 398, 833