The Chief Security Officer (CISO) at a multinational banking corporation is reviewing a plan to
upgrade the entire corporate IT infrastructure. The architecture consists of a centralized cloud
environment hosting the majority of data, small server clusters at each corporate location to
handle the majority of customer transaction processing, ATMs, and a new mobile banking
application accessible from smartphones, tablets, and the Internet via HTTP. The corporation does
business having varying data retention and privacy laws. Which of the following technical
modifications to the architecture and corresponding security controls should be implemented to
provide the MOST complete protection of data?

A.
Revoke exiting root certificates, re-issue new customer certificates, and ensure all transactions
are digitally signed to minimize fraud, implement encryption for data in-transit between data
centers

B.
Ensure all data is encryption according to the most stringent regulatory guidance applicable,
implement encryption for data in-transit between data centers, increase data availability by
replicating all data, transaction data, logs between each corporate location

C.
Store customer data based on national borders, ensure end-to end encryption between ATMs,
end users, and servers, test redundancy and COOP plans to ensure data is not inadvertently
shifted from one legal jurisdiction to another with more stringent regulations

D.
Install redundant servers to handle corporate customer processing, encrypt all customer data to
ease the transfer from one country to another, implement end-to-end encryption between mobile
applications and the cloud.