When a remote employee traveled overseas, the employee’s laptop and several mobile devices with proprietary tools were stolen. The security team requires technical controls be in place to ensure no electronic data is compromised or changed. Which of the following BEST meets this requirement?
Full disk encryption with centralized key management ensures that all data on the device is encrypted, making it inaccessible to unauthorized users even if the device is stolen. This approach ensures that no electronic data can be compromised or changed without the proper decryption keys, which are managed securely and are not stored on the device itself.
I thought A but I have been convinced that it's D. The "or changed" in "no data is compromised or changed" is doing a lot of work on this question.
Going to go with D. The wording "ensure no electronic data is compromised or changed" seems to rule out remote wipe.
D okay to me
Full Disk Encryption (FDE): FDE ensures that all data on the device is encrypted, making it inaccessible to unauthorized users even if the device is stolen. This means that the data remains confidential and cannot be compromised or altered without proper decryption keys. Centralized Key Management: Centralized key management allows the organization to control and manage encryption keys securely. It ensures that even if the device is stolen, the keys required to decrypt the data are not on the device and can be revoked or rotated as necessary. This further ensures the integrity and confidentiality of the data.
A would be correct but the question and scenario mentions a laptop. So D is the next best choice
I would agree with D. If you don't have an encrypted disk then somebody could just remote the drive from the laptop, connect it to another system and read all the data. Drive encryption needs to be the first priority.