An organization has established the following controls matrix:

SECURITY       MINIMUM                        MODERATE          HIGH
Physical       Cylinder Lock                  Cipher Lock       Proximity Access Card
Environmental  Surge Protector                UPS               Generator
Data           Content-Based Authentication   MFA               FDE
Application    Peer Review                    Static Analysis   Penetration Test
Logical        HIDS                           NIDS              NIPS
The following control sets have been defined by the organization and are applied in aggregate fashion:
Systems containing PII are protected with the minimum control set.
Systems containing medical data are protected at the moderate level.
Systems containing cardholder data are protected at the high level.

The organization is preparing to deploy a system that protects the confidentiality of a database containing PII and medical data from clients.

Based on the controls classification, which of the following controls would BEST meet these requirements?

A. Proximity card access to the server room, context-based authentication, UPS, and full-disk encryption for the database server.
B. Cipher lock on the server room door, FDE, surge protector, and static analysis of all application code.
C. Peer review of all application changes, static analysis of application code, UPS, and penetration testing of the complete system.
D. Intrusion detection capabilities, network-based IPS, generator, and context-based authentication.


1 Answer


Final answer:

The best control set for a system containing both PII and medical data is represented by Option A, which includes moderate level controls such as proximity card access, context-based authentication, UPS, and full-disk encryption.

Step-by-step explanation:

An organization is deploying a system that contains both Personally Identifiable Information (PII) and medical data and seeks to determine the best control set to protect the confidentiality of this information. Based on the control matrix provided, the moderate control level would be most applicable since it includes systems with medical data, which typically have higher security requirements than systems containing only PII. Therefore, the controls that best meet the requirements would include a combination of moderate level controls for both the physical and logical security layers.

Option A - Proximity card access to the server room, context-based authentication, Uninterruptible Power Supply (UPS), and full-disk encryption (FDE) for the database server - represents the moderate level of controls suitable for a system containing medical data. These controls provide a strong level of security for the physical server location with access limits, ensure reliability of electrical supply, and secure data at the content and application levels.
