(ISC)2
CSSLP · Question #180
CSSLP Question #180: Real Exam Question with Answer & Explanation
The correct answer is C: Non repudiation. The ability to definitively trace any change to a patient record back to the individual who made it, ensuring they cannot deny their actions, is known as non-repudiation.
Secure Software Concepts
Question
You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?
Options
- A. Availability
- B. Confidentiality
- C. Non repudiation
- D. Data Protection
Explanation
The ability to definitively trace any change to a patient record back to the individual who made it, ensuring they cannot deny their actions, is known as non-repudiation.
Common mistakes.
- A. Availability refers to ensuring that authorized users can access information and systems when needed, which is not the same as tracing actions.
- B. Confidentiality refers to protecting information from unauthorized access or disclosure, which is distinct from proving who performed an action.
- D. Data protection is a broad term encompassing many security principles, including confidentiality, integrity, and availability, but 'tracing changes back to a person' specifically points to non-repudiation.
Concept tested. Non-repudiation in security
Topics
#Non-repudiation #Security principles #Accountability #Audit trails