Which of the following would be the BEST overall control for an Internet business looking for confidentiality, reliability and integrity of data?
A. Secure Sockets Layer (SSL)
B. Intrusion detection system (IDS)
C. Public key infrastructure (PKI)
D. Virtual private network (VPN)
Explanation:
PKI would be the best overall technology because cryptography provides for encryption, digital signatures and non-repudiation controls for confidentiality and reliability. SSL can provide confidentiality. IDS is a detective control. A VPN would provide confidentiality and authentication (reliability).
PKI is an incorrect answer according to the ISACA Study Database Question #: 688 CISA Job Practice Task Statement: 5.3.
The correct answer is Answer “A” for SSL. See info. below.
A. Secure Sockets Layer (SSL) is used for many e-commerce applications to set up a secure channel for communications providing confidentiality through a combination of public and symmetric key encryption and integrity through hash message authentication code (HMAC).
B. An intrusion detection system (IDS) will log network activity but is not used for protecting traffic over the Internet.
C. Public key infrastructure (PKI) is used in conjunction with SSL or for securing communications such as e-commerce and email.
D. A virtual private network (VPN) is a generic term for a communications tunnel that can provide confidentiality, integrity and authentication (reliability). A VPN can operate at different levels of the Open Systems Interconnection (OSI) stack and may not always be used in conjunction with encryption. SSL can be called a type of VPN.
Then shouldn’t it be D: VPN? It seems to cover all 3 factors.
No, VPN doesn’t cover integrity of data.