An organization Wishes to deploy strong encryption to its most critical and sensitive databases. Which of the following is the BEST way to safeguard the encryption
keys?
A.
Ensure key management responsibility is assigned to the privacy officer.
B.
Ensure the keys are stored in a remote server.
C.
Ensure the keys are stored in a cryptographic vault.
D.
Ensure all access to the keys is under dual control_
The best way to safeguard the encryption keys is to ensure that they are stored in a cryptographic vault. A cryptographic vault is a secure hardware or software module that provides cryptographic services and protects the keys from unauthorized access, modification, or disclosure. A cryptographic vault can also provide other functions, such as key generation, key backup, key rotation, key destruction, and key auditing. A cryptographic vault can enhance the security and privacy of the encrypted data by preventing key compromise, leakage, or misuse. A cryptographic vault can also comply with the security standards and best practices for key management, such as the ISO/IEC 27002, NIST SP 800-57, or PCI DSS. References:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit