CISSP · Question #1103
In an IDEAL encryption system, who has sole access to the decryption key?
The correct answer is B. Data owner. In an ideal encryption system, the data owner should have sole access to the decryption key, as the data owner is the person or entity that has the ultimate authority and responsibility over the data. The data owner should be able to control who can access, modify, or delete the
Question
Options
- ASystem owner
- BData owner
- CData custodian
- DSystem administrator
How the community answered
(21 responses)- B90% (19)
- C5% (1)
- D5% (1)
Explanation
In an ideal encryption system, the data owner should have sole access to the decryption key, as the data owner is the person or entity that has the ultimate authority and responsibility over the data. The data owner should be able to control who can access, modify, or delete the data, and should be able to revoke or grant access rights as needed. The data owner should also be accountable for the security and compliance of the data. The system owner, the data custodian, and the system administrator are not the ideal candidates to have sole access to the decryption key, as they may not have the same level of authority, responsibility, or accountability over the data as the data owner. The system owner is the person or entity that owns the system that processes or stores the data, but may not have the same interest or knowledge of the data as the data owner. The data custodian is the person or entity that implements the security controls and procedures for the data, as defined by the data owner, but may not have the same rights or privileges to access the data as the data owner. The system administrator is the person or entity that manages the system that processes or stores the data, but may not have the same obligations or liabilities for the data as the data owner.
Topics
Community Discussion
No community discussion yet for this question.