Certified Chief Information Security Officer (CCISO) — Question 15

As the CISO, you have been tasked with the execution of the company's key management program. You MUST ensure the integrity of encryption keys at the point of generation. Which principle of encryption key control will ensure no single individual can constitute or re-constitute a key?

Answer options

Correct answer: C

Explanation

The correct answer is C, Split Knowledge, as it ensures that the key generation process requires collaboration between multiple parties, preventing any single individual from being able to create or reconstruct a key independently. Options A and B, while related to security practices, do not specifically address the need for shared responsibility in key management. Option D, Least Privilege, pertains to limiting user access and permissions, which is not directly relevant to the generation of encryption keys.