Certified Information Systems Security Professional (CISSP) — Question 209
The Chief Information Security Officer (CISO) of a large financial institution is responsible for implementing the security controls to protect the confidentiality and integrity of the organization’s Information Systems. Which of the controls below is prioritized FIRST?
Answer options
- A. Firewall and reverse proxy
- B. Web application firewall (WAF) and HyperText Transfer Protocol Secure (HTTPS)
- C. Encryption of data in transit and data at rest
- D. Firewall and intrusion prevention system (IPS)
Correct answer: C
Explanation
The correct answer is C. Encrypting data in transit and data at rest protects the information itself, which directly addresses the confidentiality and integrity objectives stated in the question and keeps sensitive data unreadable and tamper-evident even if other controls fail. Firewalls, reverse proxies, WAFs and intrusion prevention systems are important, but they are perimeter and traffic-filtering defenses rather than controls applied to the data itself, which is why they are not prioritized first.