Certified Information Systems Auditor (CISA) — Question 903
Due to technical limitations, an organization is not able to implement encryption of credit card details in the customer database. Which of the following would provide the BEST assurance of data confidentiality?
Answer options
- A. Tokenization of credit card details
- B. Encryption of credit card details in transit
- C. Multi-factor authentication to access the database
- D. Data masking of credit card details on screen
Correct answer: A
Explanation
Tokenization replaces sensitive credit card information with a unique identifier, so the actual data is not stored in the database, which provides the highest level of confidentiality. Encryption in transit protects data during transfer, but it does not safeguard data at rest. Multi-factor authentication and data masking add security, but neither addresses the core issue of protecting the sensitive credit card information held in the database itself.