CISSP practice question in our session today...answer included.
In a healthcare organization, which approach BEST addresses asset security while balancing patient data confidentiality and regulatory compliance?
A) Implement encryption for all data at rest
B) Adopt strict access controls for sensitive information
C) Conduct regular audits of data access
D) Train staff on data privacy policies
Correct answer: B) Adopt strict access controls for sensitive information
Explanation (CISSP Manager Logic)
Managers must prioritize the principle of least privilege to satisfy both operational security and regulatory mandates such as HIPAA, whose Security Rule requires access controls and whose Privacy Rule limits use and disclosure of protected health information to the minimum necessary. Enforcing strict access controls ensures that sensitive assets are available only to authorized personnel, for authorized purposes, which directly mitigates the risk of unauthorized disclosure.
By adopting strict access controls, you:
Enforce the principle of least privilege across the organization.
Meet specific regulatory requirements for protecting patient data.
Reduce the attack surface by limiting exposure of sensitive assets.
A: Encryption at rest protects data if storage media or backups are stolen, but it is transparent to any authenticated application user; it does not limit who can read the data through the application, so it does nothing against authorized users abusing their access rights.
C: Auditing is a detective control: it records access so that misuse can be found after the fact, and only if someone reviews the logs. It does not stop the access from happening.
D: Training is an administrative control that relies on human behavior rather than technical enforcement; it reduces the likelihood of mistakes but cannot prevent a deliberate or careless disclosure by itself.
Think like a manager
Focus on the most effective preventive control that balances risk mitigation with compliance. Technical enforcement of access rights is the primary defense for asset security in highly regulated environments.
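To make the "strict access controls" answer concrete, here is an added example (not part of the original post, and not from any real healthcare system) of a deny-by-default, least-privilege authorization check for patient records. The roles, record categories, purposes of use and sample users are assumptions constructed for illustration: each role may read only the record categories its job needs, only for its permitted purpose, and clinical roles only for patients they actually treat. An audit trail is kept alongside the decision to show how the detective control (answer C) records access but does not prevent it.

```python
# Added example, not the original post's code: deny-by-default,
# least-privilege authorization for patient records with an audit trail.
# Roles, categories, purposes and sample data below are constructed
# assumptions for illustration, not taken from any real system.
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    user_id: str
    role: str
    # Patients this user currently has a treatment relationship with.
    care_team_patients: frozenset = frozenset()


@dataclass(frozen=True)
class Record:
    patient_id: str
    category: str  # e.g. "demographics", "clinical", "billing"


# Assumed least-privilege policy: each role gets only the record categories
# its job requires (HIPAA "minimum necessary"), only for the listed purpose,
# and clinical roles only for patients they actually treat.
POLICY = {
    "physician": {"categories": {"demographics", "clinical"},
                  "purposes": {"treatment"}, "requires_relationship": True},
    "nurse": {"categories": {"demographics", "clinical"},
              "purposes": {"treatment"}, "requires_relationship": True},
    "billing_clerk": {"categories": {"demographics", "billing"},
                      "purposes": {"payment"}, "requires_relationship": False},
    "receptionist": {"categories": {"demographics"},
                     "purposes": {"operations"}, "requires_relationship": False},
}

# Detective control: every decision, allowed or denied, is appended here.
AUDIT_LOG: list = []


def authorize(user: User, record: Record, purpose: str) -> tuple[bool, str]:
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    rule = POLICY.get(user.role)
    if rule is None:
        decision = (False, f"unknown role {user.role!r}")
    elif record.category not in rule["categories"]:
        decision = (False, f"{user.role} may not read {record.category} records")
    elif purpose not in rule["purposes"]:
        decision = (False, f"purpose {purpose!r} not permitted for {user.role}")
    elif rule["requires_relationship"] and record.patient_id not in user.care_team_patients:
        decision = (False, f"no treatment relationship with {record.patient_id}")
    else:
        decision = (True, "allowed")
    # The log captures denials too, so attempted misuse is visible to reviewers.
    AUDIT_LOG.append((user.user_id, record.patient_id, record.category,
                      purpose, decision[0], decision[1]))
    return decision


def run_scenarios() -> list:
    """Constructed scenarios; returns the allow/deny outcome of each in order."""
    dr_lee = User("u100", "physician", frozenset({"P-001"}))
    nurse = User("u200", "nurse", frozenset({"P-002"}))
    clerk = User("u300", "billing_clerk")
    intern = User("u400", "intern")  # role not in POLICY at all

    p1_clinical = Record("P-001", "clinical")
    p2_clinical = Record("P-002", "clinical")
    p1_billing = Record("P-001", "billing")

    return [
        authorize(dr_lee, p1_clinical, "treatment")[0],  # own patient: allowed
        authorize(dr_lee, p2_clinical, "treatment")[0],  # not her patient: denied
        authorize(nurse, p2_clinical, "payment")[0],     # wrong purpose: denied
        authorize(clerk, p1_billing, "payment")[0],      # billing data for billing: allowed
        authorize(clerk, p1_clinical, "payment")[0],     # clinical data for billing: denied
        authorize(intern, p1_clinical, "treatment")[0],  # unknown role: denied by default
    ]


if __name__ == "__main__":
    run_scenarios()
    for entry in AUDIT_LOG:
        print("ALLOW" if entry[4] else "DENY ", entry)
```

The point of the example is the shape of the check, not the specific roles: the decision starts from denial and each branch must positively establish role, category, purpose and relationship before access is granted. Encrypting the record store would change nothing here, because the physician in the second scenario is a fully authenticated user; only the relationship check stops her reading a patient she does not treat, and the audit entry only tells you afterwards that she tried.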
Ed Morawski
CISSP Study Group
skool.com/cybersecurity-study-group