An IS auditor is reviewing an organization's method to transport sensitive data between offices.
Which of the following would cause the auditor MOST concern?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The most concerning method for transporting sensitive data between offices would be one that relies exclusively on symmetric encryption algorithms.
Symmetric encryption uses the same key to encrypt and decrypt data, and if this key falls into the wrong hands, the data could be easily compromised. Additionally, symmetric encryption requires that both the sender and the receiver have access to the same key, which could be a logistical challenge when transporting data between multiple offices.
On the other hand, digital signatures, asymmetric encryption algorithms, and public key infrastructure are all considered to be more secure methods for transporting sensitive data. Digital signatures ensure the authenticity and integrity of the data, while asymmetric encryption algorithms use a public key to encrypt data and a private key to decrypt it, making it more difficult for unauthorized users to access the data. Public key infrastructure provides a framework for managing and distributing public keys securely.
However, it's important to note that relying exclusively on any one method for transporting sensitive data is not ideal, and a combination of multiple methods would provide the most secure solution. An IS auditor should also consider other factors, such as the strength of the encryption algorithms used and the security of the devices and networks involved in the data transport process.