89.6k views
3 votes
When reviewing KRIs of the email security appliance with the Chief Information Security Officer (CISO) of an insurance company, the security engineer notices the following:

Month   Encrypted Email   Unencrypted Email   Unencrypted Email Containing PII
1       200               0                   0
2       230               10                  5
3       185               15                  10
4       198               60                  40
5       204               75                  45

Which of the following measures should the security engineer take to ensure PII is not intercepted in transit while also preventing interruption to business?

A. Quarantine emails sent to external domains containing PII and release after inspection.
B. Prevent PII from being sent to domains that allow users to sign up for free webmail.
C. Enable transport layer security on all outbound email communications and attachments.
D. Provide security awareness training regarding transmission of PII.

1 Answer

4 votes

Final answer:

To ensure PII is not intercepted in transit and to prevent business interruption, the security engineer should enable transport layer security on all outbound email communications and invest in security awareness training for employees.

Step-by-step explanation:

When a security engineer notices that Personally Identifiable Information (PII) is being sent unencrypted via an email security appliance, it raises serious concerns about online privacy and security.

Drawing lessons from large-scale data breaches that resulted in identity theft, there are several measures an engineer can take to protect sensitive data.

The most comprehensive solution is to enable transport layer security (TLS) on all outbound email communications. This action ensures that emails, as well as their attachments, are encrypted while in transit, reducing the risk of interception by unauthorized parties.

This method does not interrupt the current business workflow and provides a continuous protection mechanism for all emails.

An additional measure that can reinforce the security standpoint is to provide security awareness training for employees. This should focus on the importance and best practices of handling PII, further mitigating the risk of accidental data exposure.

However, while training can greatly reduce the risk of PII being transmitted insecurely, it does not offer the immediate and consistent protection that technical measures such as TLS provide.

answered by User Ljtomev (8.9k points)
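As an added illustration of what option C (transport layer security on outbound email) looks like in practice, and not part of the question or the answer above, the fragment below is a Postfix `main.cf` excerpt. The relay name, the partner domain and the policy-map path are assumptions chosen for the example. The first setting is the common default-style configuration that only encrypts when the receiving server happens to advertise STARTTLS; the second enforces encryption so that PII cannot fall back to cleartext, with a per-destination policy map so that partner domains that are known to support TLS are verified while the rest of the internet is not blocked.

```ini
# --- Weak: opportunistic TLS (assumed starting point, commonly seen) ---
# Postfix tries STARTTLS if the remote MTA offers it, otherwise sends cleartext.
# A MITM that strips the STARTTLS capability from the EHLO response, or a
# recipient MX without TLS, silently produces an unencrypted delivery.
# smtp_tls_security_level = may

# --- Corrected: mandatory TLS for outbound mail ---
# "encrypt" refuses to deliver over cleartext; mail to a server that cannot
# negotiate TLS is deferred in the queue instead of sent in the clear.
smtp_tls_security_level = encrypt
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtp_tls_mandatory_ciphers = high
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Per-destination overrides (path is an assumption for this example).
# Partner domains that exchange PII get certificate verification ("secure");
# this keeps a cleartext fallback from ever being selected for them.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Log TLS negotiation results and note MXs that did not offer STARTTLS, which
# is the data the KRI table in the question should be built from.
smtp_tls_loglevel = 1
smtp_tls_note_starttls_offer = yes

# Inbound side: offer STARTTLS to senders as well.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/relay.example.com.crt
smtpd_tls_key_file  = /etc/postfix/relay.example.com.key
```

The corresponding `/etc/postfix/tls_policy` entry for an assumed partner would be `partner.example.net secure match=.partner.example.net`, compiled with `postmap /etc/postfix/tls_policy`. The trade-off relevant to the question's "without interrupting business" clause is that `encrypt` defers mail to any destination that cannot negotiate TLS, so the deferred queue (`mailq`) should be watched after the change; the policy map lets an administrator relax a single destination to `may` deliberately rather than downgrading the whole system. After reloading, the effective setting can be confirmed with `postconf -n smtp_tls_security_level`, and a receiving MX can be checked by hand with `openssl s_client -starttls smtp -connect mx.partner.example.net:25`.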