CISSP · Question #508
The threat modeling identifies a man-in-the-middle (MITM) exposure. Which countermeasure should the information system security officer (ISSO) select to mitigate the risk of a protected Health informa
The correct answer is B. Anonymization. When a MITM attack intercepts PHI data in transit, anonymization ensures that any captured data cannot be linked back to identifiable individuals, directly mitigating the risk of a PHI data leak.
Question
Options
- AAuditing
- BAnonymization
- CPrivacy monitoring
- DData retention
How the community answered
(39 responses)- A8% (3)
- B77% (30)
- C3% (1)
- D13% (5)
Why each option
When a MITM attack intercepts PHI data in transit, anonymization ensures that any captured data cannot be linked back to identifiable individuals, directly mitigating the risk of a PHI data leak.
Auditing is a detective control that logs and reviews access events after the fact; it does not prevent a MITM attacker from capturing and reading PHI in transit.
Anonymization transforms PHI by removing or obscuring all personally identifiable elements so that even if a MITM attacker intercepts the data, the information cannot be attributed to any specific individual. This directly addresses the data leak risk because the intercepted payload has no protected health value without re-identification keys. Under HIPAA, de-identification/anonymization is a recognized method to remove data from PHI classification, eliminating regulatory exposure even if interception occurs.
Privacy monitoring is also a detective/reactive measure that identifies privacy violations once they occur, rather than a preventive countermeasure that neutralizes the value of intercepted PHI.
Data retention policies govern how long data is stored and when it must be destroyed; they have no bearing on protecting data from interception during transmission in a MITM scenario.
Concept tested: PHI data leak mitigation via anonymization against MITM
Source: https://www.hhs.gov/hipaa/for-professionals/privacy/special-topics/de-identification/index.html
Topics
Community Discussion
No community discussion yet for this question.