Which of the following would be an appropriate course of action?

A Chief Information Security Officer (CISO) is concerned about new privacy regulations that apply to the company. The CISO has tasked a security analyst with finding the proper control functions to verify that a user’s data is not altered without the user’s consent.

Which of the following would be an appropriate course of action?
A . Automate the use of a hashing algorithm after verified users make changes to their data.
B. Use encryption first and then hash the data at regular, defined times.
C. Use a DLP product to monitor the data sets for unauthorized edits and changes.
D. Replicate the data sets at regular intervals and continuously compare the copies for unauthorized changes.

View Answer

Answer: A

Explanation:

Automating the use of a hashing algorithm after verified users make changes to their data is an appropriate course of action to verify that a user’s data is not altered without the user’s consent. Hashing is a technique that produces a unique and fixed-length value for a given input, such as a file or a message. Hashing can help to verify the data integrity by comparing the hash values of the original and modified data. If the hash values match, then the data has not been altered without the user’s consent. If the hash values differ, then the data may have been tampered with or corrupted.