A security manager recently categorized an information system.
During the categorization effort, the manager determined the loss of integrity of a specific information type would impact business significantly.
Based on this, the security manager recommends the implementation of several solutions.
Which of the following, when combined, would BEST mitigate this risk? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D. E.CD.
The scenario described in the question suggests that the security manager has identified a critical information type that, if compromised, could have a significant impact on the business's operations. To mitigate this risk, the security manager recommends implementing two solutions that, when combined, would provide the best protection for the identified information type.
The two solutions that would best mitigate the risk of loss of integrity of the information type are:
Access control: Access control is a security mechanism that limits access to information to authorized individuals or processes. By implementing access control measures, the security manager can restrict access to the critical information type to only those who need it, thereby reducing the risk of unauthorized access or modification.
Signing: Signing is a process that involves applying a digital signature to a document or file to ensure its integrity and authenticity. By implementing signing measures, the security manager can ensure that the critical information type has not been tampered with or modified in any way, and that it originated from a trusted source.
While the other solutions listed in the answer choices may be effective in certain scenarios, they are not as relevant to the scenario described in the question. For example, whitelisting and boot attestation are more focused on preventing unauthorized access or execution of code, which may not be as critical in this scenario. Validation, on the other hand, may be useful for ensuring the accuracy and consistency of data, but it does not provide the same level of protection as access control and signing in terms of protecting the integrity of a specific information type.
In summary, the best solutions to mitigate the risk of loss of integrity of a specific information type in this scenario are access control and signing.