CISSP · Question #29
When transmitting information over public networks, the decision to encrypt it should be based on
The correct answer is C. the level of confidentiality of the information.. The decision to encrypt data transmitted over public networks should be driven by the sensitivity and confidentiality classification of the information, not its monetary value or volume.
Question
When transmitting information over public networks, the decision to encrypt it should be based on
Options
- Athe estimated monetary value of the information.
- Bwhether there are transient nodes relaying the transmission.
- Cthe level of confidentiality of the information.
- Dthe volume of the information.
How the community answered
(24 responses)- B8% (2)
- C88% (21)
- D4% (1)
Why each option
The decision to encrypt data transmitted over public networks should be driven by the sensitivity and confidentiality classification of the information, not its monetary value or volume.
Monetary value alone is an unreliable metric because highly sensitive information (e.g., personal health records, credentials) may have low direct monetary value yet still require strong encryption due to its confidentiality classification.
While the presence of transient relay nodes increases exposure risk, the fundamental trigger for encryption is the confidentiality requirement of the data itself, not the network topology or number of intermediate hops.
Encryption decisions are governed by data classification policies, which categorize information by its level of confidentiality (e.g., public, internal, confidential, restricted). Highly confidential data requires encryption to prevent unauthorized disclosure during transit over untrusted public networks. This aligns with information security principles such as those in ISO/IEC 27002, which tie cryptographic controls to the sensitivity of the data being protected.
The volume of data has no bearing on whether it requires encryption; even a single byte of confidential data must be encrypted, while large volumes of public data may require none.
Concept tested: Data classification driving encryption decisions in transit
Source: https://www.iso.org/standard/54533.html
Topics
Community Discussion
No community discussion yet for this question.