An organization must implement controls to protect the confidentiality of its most sensitive data. The
company is currently using a central storage system and group based access control for its sensitive
information. Which of the following controls can further secure the data in the central storage system?
A.
Data encryption
B.
Patching the system
C.
Digital signatures
D.
File hashing
Explanation:
Data encryption makes data unreadable to anyone who does not have the required key to decrypt the
data. The question states that the sensitive data is stored on a central storage system. Group based
access control is used to control who can access the sensitive data. However, this offers no physical
security for the data. Someone could steal the central storage system or remove the hard disks from it
with the plan of placing the hard disks into another system to read the data on the disks. With the data
encrypted, the data would be unreadable.
Incorrect Answers:
B: The question states that the sensitive data is stored on a central storage system (such as a SAN). A SAN
typically does not need patching. Even if the storage was attached to a system that did need patching
(such as a file server), patching the system would still provide no protection against the removal of the
hard disks containing the data.
C: A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software, or digital document. Digital signatures would not further secure the data in the
central storage system.
D: File hashing is used to ensure that the version of the file a user receives has not been tampered with
when accessing files over a network. It is not used to secure files on a storage system.