PrepAway - Latest Free Exam Questions & Answers

Which of the following controls could they implement to BEST meet this goal?

A company’s employees were victims of a spear phishing campaign impersonating the CEO. The company
would now like to implement a solution to improve the overall security posture by assuring their
employees that email originated from the CEO. Which of the following controls could they implement to
BEST meet this goal?

A.
Spam filter

B.
Digital signatures

C.
Antivirus software

D.
Digital certificates

Explanation:
A digital signature is a mathematical technique used to validate the authenticity and integrity of a
message, software, or digital document.
The digital equivalent of a handwritten signature or stamped seal, but offering far more inherent security,
a digital signature is intended to solve the problem of tampering and impersonation in digital
communications. Digital signatures can provide the added assurances of evidence to origin, identity and
status of an electronic document, transaction or message, as well as acknowledging informed consent by
the signer.
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a
public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private
and one public. To create a digital signature, signing software (such as an email program) creates a
one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The
encrypted hash — along with other information, such as the hashing algorithm — is the digital signature.
The reason for encrypting the hash instead of the entire message or document is that a hash function can
convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since
hashing is much faster than signing.
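As an added worked example (not from the original page or the cited TechTarget articles), the hash-then-sign flow described above in Go, using the standard library's RSA-PSS signatures; the CEO key pair and the message are constructed for illustration, and both a tampered copy of the message and a signature made under a different key fail verification.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage is the hash-then-sign step: the message is reduced to a SHA-256
// digest and only that digest is signed with the private key. Real systems
// apply a padding scheme (here RSA-PSS) rather than "encrypting" the raw hash.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// VerifyMessage is what the recipient's mail client does: recompute the digest
// over the message it received and check the signature with the sender's
// public key. Any change to the message, or a signature from another key, fails.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	// Constructed example key pair standing in for the CEO's signing key. In
	// practice the public half is distributed to staff in an S/MIME certificate
	// or PGP key so their clients can verify without trusting the message itself.
	ceoKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("From: CEO\r\nSubject: Invoice\r\n\r\nPlease pay invoice 1234.")
	sig, err := SignMessage(ceoKey, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", VerifyMessage(&ceoKey.PublicKey, msg, sig))
	// Tampering in transit (a changed invoice number) breaks the digest match.
	tampered := []byte("From: CEO\r\nSubject: Invoice\r\n\r\nPlease pay invoice 9999.")
	fmt.Println("tampered message verifies:", VerifyMessage(&ceoKey.PublicKey, tampered, sig))
	// Impersonation: a message signed with some other key does not verify
	// under the CEO's public key, which is the assurance the question asks for.
	otherKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	otherSig, _ := SignMessage(otherKey, msg)
	fmt.Println("other-key signature verifies:", VerifyMessage(&ceoKey.PublicKey, msg, otherSig))
}
```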
Incorrect Answers:
A: A spam filter is used to detect and block spam email. All inbound (and sometimes outbound) email is
passed through the spam filter to detect spam emails. The spam emails are then discarded or tagged as
potential spam according to the spam filter configuration. A spam filter is not used to guarantee the
integrity of an email.
C: Anti-virus software is software installed on a computer to protect against viruses. An anti-virus
program will scan files on the hard drive and scan files as they are accessed to see if the files contain a
potential threat. Anti-virus software is not used to guarantee the integrity of an email.
D: In cryptography, a digital certificate is an electronic document that uses a digital signature to bind
together a public key with an identity – for example, the name of an organization, etc. The certificate is
used to confirm that a public key belongs to a specific organization.
Digital certificates are used to verify the trustworthiness of a website, while digital signatures are used to
verify the trustworthiness of information. In the case of digital certificates, an organization may only trust
a site if the digital certificates are issued by the organization itself or by a trusted certification source, like
Verisign Inc. But, this doesn’t necessarily mean that the content of the site can be trusted; a trusted site
may be infiltrated by a hacker who modifies the site’s content.

http://searchsecurity.techtarget.com/definition/digital-signature
http://searchsecurity.techtarget.com/answer/The-difference-between-a-digital-signature-and-digitalcertificate