Certified Information Systems Auditor (CISA) — Question 331

Which of the following should be the GREATEST concern to an IS auditor reviewing an organization's method to transport sensitive data between offices?

Answer options

• A. The method relies exclusively on the use of 128-bit encryption.
• B. The method relies exclusively on the use of digital signatures.
• C. The method relies exclusively on the use of asymmetric encryption algorithms.
• D. The method relies exclusively on the use of public key infrastructure (PKI).

Correct answer: B

Explanation

The greatest concern is that relying solely on digital signatures does not provide confidentiality for the data being transported, only authenticity. In contrast, 128-bit encryption, asymmetric encryption algorithms, and public key infrastructure (PKI) offer mechanisms to secure the data itself during transport, addressing both confidentiality and integrity.