A security architect is implementing security measures in response to an external audit that found vulnerabilities in the corporate collaboration tool suite.
The report identified the lack of any mechanism to provide confidentiality for electronic correspondence between users and between users and group mailboxes.
Which of the following controls would BEST mitigate the identified vulnerability?
Correct answer: A
The identified vulnerability in the corporate collaboration tool suite is the lack of confidentiality for electronic correspondence between users and between users and group mailboxes. To mitigate this vulnerability, the security architect should implement controls that provide confidentiality for electronic correspondence.
Let's evaluate each of the provided options and identify the control that would best mitigate the identified vulnerability:
A. Issue digital certificates to all users, including owners of group mailboxes, and require S/MIME with AES-256.
This control is a good option as it provides end-to-end encryption using digital certificates for all users and group mailboxes, and requires the use of S/MIME with AES-256. This would ensure that all electronic correspondence between users and group mailboxes is encrypted, providing confidentiality. However, this control may be complex to implement, requiring the issuance and management of digital certificates to all users and group mailboxes.
B. Federate with an existing PKI provider, and reject all non-signed emails.
This control requires that the organization federate with a PKI provider and reject all non-signed emails. While this control provides a level of assurance that emails are authentic, it does not provide confidentiality for electronic correspondence. Therefore, this control would not mitigate the identified vulnerability.
C. Implement two-factor email authentication, and require users to hash all email messages upon receipt.
This control provides authentication using two-factor email authentication and requires users to hash all email messages upon receipt. While this control provides a level of assurance that emails are authentic, it does not provide confidentiality for electronic correspondence. Therefore, this control would not mitigate the identified vulnerability.
D. Provide digital certificates to all systems, and eliminate the user group or shared mailboxes.
This control provides digital certificates to all systems and eliminates user group or shared mailboxes. While this control provides a level of assurance that emails are authentic and confidential, it may not be practical for all organizations to eliminate user group or shared mailboxes.
Therefore, the BEST control to mitigate the identified vulnerability is option A, which provides end-to-end encryption using digital certificates for all users and group mailboxes and requires the use of S/MIME with AES-256.
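The difference between option A (encrypted S/MIME) and option B (signed-only mail) is visible in the message headers. The following Python check is an added example, not part of the original page: it classifies a message the way a gateway audit might. The OID byte search is a heuristic stand-in for full CMS parsing, and the addresses and sample bodies are constructed.

```python
import base64
from email import message_from_string

# DER prefix of the NIST AES OID arc 2.16.840.1.101.3.4.1; the last byte selects the mode.
AES_ARC = bytes.fromhex("06096086480165030401")
AES256_CONTENT_OIDS = {AES_ARC + b"\x2a": "aes256-CBC", AES_ARC + b"\x2e": "aes256-GCM"}
DES3_OID = bytes.fromhex("06082a864886f70d0307")  # des-ede3-cbc, a weaker legacy choice

def classify(raw: str) -> str:
    """Return 'encrypted-aes256', 'encrypted-other', 'signed-only' or 'not-encrypted'."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        return "signed-only"  # authenticity and integrity, but the body is readable
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        smime_type = (msg.get_param("smime-type") or "").lower()
        if smime_type == "signed-data":
            return "signed-only"
        if smime_type in ("enveloped-data", "authenveloped-data"):
            blob = msg.get_payload(decode=True) or b""
            # Heuristic: look for an AES-256 content-encryption OID in the CMS bytes.
            if any(oid in blob for oid in AES256_CONTENT_OIDS):
                return "encrypted-aes256"
            return "encrypted-other"
    # Plain text, or a pkcs7-mime part we cannot identify: fail the policy.
    return "not-encrypted"

def _sample(ctype: str, body: bytes) -> str:
    """Build a constructed message; the body is NOT a real CMS structure."""
    b64 = base64.b64encode(body).decode()
    return ("From: alice@example.test\nTo: team-box@example.test\n"
            f"Content-Type: {ctype}\nContent-Transfer-Encoding: base64\n\n{b64}\n")

ENVELOPED = 'application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"'
SIGNED = 'multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"'
SAMPLES = {
    "aes256": _sample(ENVELOPED, b"\x30\x80" + AES_ARC + b"\x2a" + b"\x00" * 16),
    "3des": _sample(ENVELOPED, b"\x30\x80" + DES3_OID + b"\x00" * 8),
    "signed": _sample(SIGNED, b"constructed signed body"),
    "plain": _sample("text/plain", b"quarterly numbers attached"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:7s} -> {classify(raw)}")
```

Only the first sample would satisfy the control in option A; the signed-only message is what option B's policy would accept while leaving the content readable.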