Certified Chief Information Security Officer (CCISO) — Question 105
The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data, it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. The help desk is then flooded with complaints about the slow performance of the laptops and users are upset.
Which of the following best describes what the CISO did wrong?
Answer options
- A. Failed to identify all stakeholders and their needs
- B. Deployed the encryption solution in an inadequate manner
- C. Used 1024-bit encryption when 256-bit would have sufficed
- D. Used hardware encryption instead of software encryption
Correct answer: A
Explanation
The CISO failed to identify all stakeholders and their needs: the decision was made unilaterally, without considering the users, and complaints about performance followed. While the encryption solution may have been technically correct, the implementation disregarded the impact on user experience, making option A the most accurate description of the CISO's error.