Comprehensive and Detailed in-Depth Explanation:
Context:
Confidentialityis the highest priority, as the primary goal is toprotect PII (Personally Identifiable Information).
Availabilityis the second priority, crucial due to thelow latency requirementof medical devices.
Integrityis the third priority, essential to maintain accurate patient data.
The environment consists ofon-site applicationsinteracting with medical devices, wherecloud migration is not feasibledue to latency concerns.
Why the Correct Answer is C (Enable encryption at rest on medical devices):
Sinceconfidentialityis the top priority, enablingencryption at reston devices ensures thatsensitive data is protectedeven if the devices are compromised.
Medical devices can storePII locally, andencryption at restensures that even if physical or unauthorized access occurs, the data remainsconfidential.
Encrypting data at rest mitigates the risk of data leakage in scenarios likedevice theft or unauthorized access.
Given that the primary goal isconfidentiality, this action aligns with theCIA triadpriorities mentioned.
Why the Other Options Are Incorrect:
A. Move the application server to a network load balancing cluster:
This primarily addressesavailability, notconfidentiality.
Moving to a load-balanced setup may improveuptimebut doesnot directly protect PII.
B. Move the application to a CSP (Cloud Service Provider):
While cloud migration can offerenhanced security, it contradicts thelow latency requirementfor medical devices.
Transferring sensitive healthcare data to the cloud might introducelatency issuesand compromiseavailability.
D. Install FIM (File Integrity Monitoring) on the application server:
FIM primarily addressesintegrityby detecting changes in files but doesnot protect confidentiality.
Monitoring changes to filesdoes not encrypt or secure data at rest.
Best Practice:
In healthcare environments wherePII and medical data are stored locally, always implementencryption at restto ensure data remainsprotected and confidential.
TheHIPAAregulation also mandates encryption for protectingelectronic protected health information (ePHI), reinforcing the need for this step.
Extract from CompTIA SecurityX CAS-005 Study Guide:
TheCompTIA SecurityX CAS-005 Official Study Guideemphasizes that whenconfidentialityis the highest priority,data encryption at restis essential for protectingsensitive information. In healthcare environments wherePII and medical data are involved, encryption is anon-negotiable requirementto meet compliance standards.
Submit