Under SSAE 18 (specifically the SOC 2 Trust Services Criteria), the confidentiality principle focuses on protecting sensitive information from unauthorized access. The best control to meet this objective is storage encryption, which ensures that even if data is accessed or stolen, it cannot be read without the proper decryption key.
B. Storage encryption
Storage encryption is the BEST control to ensure the confidentiality of data, as it protects data from unauthorized access by encrypting it.
The correct answer is B. Storage encryption.
Explanation:
The Statement on Standards for Attestation Engagements 18 (SSAE-18) is an attestation standard developed by the American Institute of Certified Public Accountants (AICPA) for reporting on controls at service organizations. The confidentiality category of SSAE-18 addresses the protection of information from unauthorized disclosure.
Storage encryption is the best control to meet the confidentiality category requirements, as it ensures that data stored on a device or in a database is encrypted, making it unreadable to unauthorized individuals. Even if the storage medium is compromised, the encrypted data remains protected from unauthorized access and disclosure.
This section is not available anymore. Please use the main Exam Page.CISSP Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
franbarpro
Highly Voted 1 year, 7 months agoa_kto_to
Most Recent 1 month agoBoyBastos
9 months agouser009
1 year, 2 months agojackdryan
1 year ago