Protecting Sensitive System Data on Mobile Devices | CompTIA CySA+ Exam CS0-002

Best Practices for Securing Sensitive System Data on Mobile Devices

Question

Which of the following would a security engineer recommend to BEST protect sensitive system data from being accessed on mobile devices?

Answers

Explanations


C.

Out of the given options, the security engineer would recommend implementing a self-encrypted disk (option B) as the best solution to protect sensitive system data from being accessed on mobile devices.

Explanation:

Mobile devices, such as laptops, smartphones, and tablets, are highly portable and convenient to use. However, they also pose a significant security risk as they can be lost, stolen, or accessed by unauthorized users. To protect sensitive system data on mobile devices, various security measures can be implemented, such as:

A. Use a UEFI boot password: A UEFI boot password can be set to prevent unauthorized users from booting the device or accessing the operating system. However, this password protection only applies to the boot process and does not encrypt the data stored on the device. If an unauthorized user gains access to the device, they can still read the data.

B. Implement a self-encrypted disk: A self-encrypted disk (SED) is a storage device that automatically encrypts all data stored on it using a hardware-based encryption engine. SEDs protect data at rest, and even if the device is lost or stolen, the data remains encrypted and unreadable without the encryption key. SEDs are highly secure and do not impact system performance as they have dedicated hardware to handle the encryption and decryption process.

C. Configure filesystem encryption: Filesystem encryption is a software-based encryption technique that encrypts individual files or folders on the device. While this approach provides some level of protection, it is not as secure as full disk encryption. Filesystem encryption also incurs performance overhead as the encryption and decryption process is handled by the device's CPU.

D. Enable Secure Boot using TPM: Trusted Platform Module (TPM) is a hardware-based security feature that provides secure storage of encryption keys, digital certificates, and other sensitive data. Enabling Secure Boot using TPM ensures that the device boots only from a trusted operating system and prevents malware from tampering with the boot process. However, this feature does not encrypt the data stored on the device.
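The distinction the four options turn on is whether a control protects data at rest or only the boot path. One way to check that on a Linux laptop is to walk the block-device tree that `lsblk --json` reports and flag every mounted filesystem that does not sit above a dm-crypt (`crypt`) layer. The script below is an added example, not part of the original page or of any vendor tool; the `lsblk` output it parses is constructed for the example, and the mount points it ignores (`/boot`, `/boot/efi`) are an assumption about the usual unencrypted boot partitions.

```python
"""Data-at-rest posture check: report mounted filesystems that are not
backed by a dm-crypt layer, using the device tree from
`lsblk --json -o NAME,TYPE,FSTYPE,MOUNTPOINT`.
The sample output below is constructed for this example."""
import json
import subprocess

# Constructed sample: "/" sits on a LUKS container, "/data" on a plain partition.
SAMPLE_LSBLK_JSON = """
{
  "blockdevices": [
    {"name": "nvme0n1", "type": "disk", "fstype": null, "mountpoint": null,
     "children": [
       {"name": "nvme0n1p1", "type": "part", "fstype": "vfat", "mountpoint": "/boot/efi"},
       {"name": "nvme0n1p2", "type": "part", "fstype": "ext4", "mountpoint": "/boot"},
       {"name": "nvme0n1p3", "type": "part", "fstype": "crypto_LUKS", "mountpoint": null,
        "children": [
          {"name": "cryptroot", "type": "crypt", "fstype": "ext4", "mountpoint": "/"}
        ]}
     ]},
    {"name": "sda", "type": "disk", "fstype": null, "mountpoint": null,
     "children": [
       {"name": "sda1", "type": "part", "fstype": "ext4", "mountpoint": "/data"}
     ]}
  ]
}
"""


def mounted_filesystems(tree):
    """Yield (mountpoint, device_name, encrypted) for every mounted node.

    A node counts as encrypted if it, or any ancestor in the device tree,
    is a dm-crypt mapping (lsblk type "crypt")."""
    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        mountpoint = node.get("mountpoint")
        if mountpoint:
            yield mountpoint, node["name"], under_crypt
        for child in node.get("children", []):
            yield from walk(child, under_crypt)

    for device in tree["blockdevices"]:
        yield from walk(device, False)


def unencrypted_mounts(lsblk_json, ignore=("/boot", "/boot/efi")):
    """Return the sorted list of mount points with no crypt layer beneath them.

    Boot partitions are ignored by default (assumed unencrypted by design)."""
    tree = json.loads(lsblk_json)
    return sorted(
        mountpoint
        for mountpoint, _, encrypted in mounted_filesystems(tree)
        if not encrypted and mountpoint not in ignore
    )


def live_lsblk_json():
    """Run lsblk on the current host and return its JSON output."""
    result = subprocess.run(
        ["lsblk", "--json", "-o", "NAME,TYPE,FSTYPE,MOUNTPOINT"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Use the constructed sample so the script runs offline; swap in
    # live_lsblk_json() to audit a real machine.
    exposed = unencrypted_mounts(SAMPLE_LSBLK_JSON)
    for mountpoint in exposed:
        print(f"WARNING: {mountpoint} is not on an encrypted volume")
    if not exposed:
        print("All data filesystems are backed by dm-crypt")
```

On the constructed sample the check reports `/data` as exposed and `/` as protected. Two caveats apply when using this on real hardware: a self-encrypting drive's hardware encryption is invisible to `lsblk`, so an SED-protected system will look unencrypted here, and conversely an SED whose locking (ATA Security or TCG Opal) has never been enabled decrypts transparently for anyone who powers it on, so the presence of an SED alone does not establish that data at rest is protected.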

In conclusion, implementing a self-encrypted disk (option B) is the best solution to protect sensitive system data from being accessed on mobile devices.