
CISSP Exam - Question 390


The Chief Information Security Officer (CISO) of a large financial institution is responsible for implementing the security controls to protect the confidentiality and integrity of the organization’s Information Systems. Which of the controls below is prioritized FIRST?

Correct Answer: C

In order to protect the confidentiality and integrity of an organization’s Information Systems, encryption of data in transit and data at rest should be prioritized first. Encryption is a fundamental security measure that ensures that the data remains confidential and is protected from unauthorized access both while it is stored and while it is being transmitted. This creates a secure foundation upon which other controls such as firewalls, WAF, HTTPS, and IPS can be layered.

Discussion

6 comments
MarkSun (Option: C)
Mar 31, 2023

Agree with C

HughJassole (Option: D)
Jun 9, 2023

Encryption only protects confidentiality; hashing protects integrity so it can't be C. D does seem the best answer.

gjimenezf (Option: B)
Feb 1, 2024

WAF for integrity and HTTPS for confidentiality

[Removed] (Option: D)
Apr 5, 2023

I like D. I think C is too much focussed on the data and not on the systems.

jackdryan
May 14, 2023

C is correct

lxm28 (Option: C)
Jun 10, 2023

This is because encryption provides an additional layer of protection to sensitive data, making it more difficult for attackers to access or steal. Firewall, WAF, HTTPS, and IPS are also important security controls, but encryption should be prioritized first to ensure the confidentiality and integrity of the organization's information systems.

klarak (Option: B)
May 6, 2024

This is a classic CISSP test of semantics, imo. The answer that correlates to the question is WAF and HTTPS. You have to pay attention to the solution that fits the exact question.