Certified Information Systems Security Professional (CISSP) — Question 103

An organization is implementing data encryption using symmetric ciphers and the Chief Information Officer (CIO) is concerned about the risk of using one key to protect all sensitive data. The security practitioner has been tasked with recommending a solution to address the CIO's concerns. Which of the following is the
BEST approach to achieving the objective by encrypting all sensitive data?

Answer options

• A. Use a Secure Hash Algorithm 256 (SHA-256).
• B. Use Rivest-Shamir-Adleman (RSA) keys.
• C. Use a hierarchy of encryption keys.
• D. Use Hash Message Authentication Code (HMAC) keys.

Correct answer: C

Explanation

Using a hierarchy of encryption keys (Option C) allows for more granular control and reduces the risk associated with using a single key for all sensitive data. This method enables the organization to compartmentalize data protection and enhance security. The other options, such as SHA-256 (A), RSA keys (B), and HMAC keys (D), do not address the key management issue as effectively as a hierarchical approach.