312-50V11 · Question #256
Which security control role does encryption meet?
The correct answer is A. Preventative. Encryption is a preventative security control because it proactively stops unauthorized parties from accessing plaintext data before harm can occur.
Question
Which security control role does encryption meet?
Options
- APreventative
- BDetective
- COffensive
- DDefensive
How the community answered
(45 responses)- A87% (39)
- B9% (4)
- C2% (1)
- D2% (1)
Why each option
Encryption is a preventative security control because it proactively stops unauthorized parties from accessing plaintext data before harm can occur.
Encryption is classified as a preventative control because it protects data confidentiality by rendering information unreadable to anyone without the correct decryption key, acting before a security incident causes harm. Even if encrypted data is intercepted or stolen, it cannot be leveraged by an attacker, meaning the harm is prevented rather than detected or corrected after the fact.
Detective controls identify and alert on incidents after they occur - such as IDS alerts or audit logs - whereas encryption does not detect or report unauthorized access attempts.
Offensive is not a recognized control category in standard frameworks such as NIST SP 800-53 or ISO 27001, which classify controls as preventative, detective, or corrective.
Defensive is not a formal control type in standard security control taxonomies - while encryption is broadly defensive in nature, its proper classification in frameworks like NIST and ISO is preventative.
Concept tested: Encryption classified as a preventative security control
Source: https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final
Topics
Community Discussion
No community discussion yet for this question.