Data Protection Measures for Multinational Banking Corporations

Implementing Technical Modifications and Security Controls for Comprehensive Data Protection


Question

The Chief Information Security Officer (CISO) at a multinational banking corporation is reviewing a plan to upgrade the entire corporate IT infrastructure.

The architecture consists of a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP.

The corporation does business in countries with varying data retention and privacy laws.

Which of the following technical modifications to the architecture and corresponding security controls should be implemented to provide the MOST complete protection of data?

Answers

Explanations


C.

The question asks about the technical modifications and corresponding security controls that should be implemented to provide the MOST complete protection of data in a multinational banking corporation's upgraded IT infrastructure. The architecture comprises a centralized cloud environment hosting the majority of data, small server clusters at each corporate location to handle the majority of customer transaction processing, ATMs, and a new mobile banking application accessible from smartphones, tablets, and the Internet via HTTP.

The corporation does business in countries with varying data retention and privacy laws. Therefore, the modifications must ensure compliance with these regulations while protecting data privacy and security. Let's analyze each option:

A. Revoke existing root certificates, re-issue new customer certificates, and ensure all transactions are digitally signed to minimize fraud; implement encryption for data in transit between data centers

This option focuses on minimizing fraud and securing data in-transit between data centers. Revoking root certificates and re-issuing customer certificates can prevent malicious entities from impersonating valid customers or servers. Digital signatures can ensure the authenticity of transactions. Encryption can protect data while it is transmitted between data centers. However, this option does not address the data privacy laws and regulations applicable to the corporation's business operations.

B. Ensure all data is encrypted according to the most stringent regulatory guidance applicable, implement encryption for data in transit between data centers, and increase data availability by replicating all data, transaction data, and logs between each corporate location

This option emphasizes data encryption, availability, and compliance with regulatory guidance. All data is encrypted, ensuring that it is protected during transmission and storage. Data replication ensures that data is available in case of a disaster. However, this option does not address the varying data retention and privacy laws in the different countries where the corporation does business; replicating every dataset to every corporate location would in fact move customer data across borders by design, regardless of how well it is encrypted.

C. Store customer data based on national borders, ensure end-to-end encryption between ATMs, end users, and servers, and test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations

This option takes into account the different data retention and privacy laws in different countries. Storing customer data based on national borders can ensure that data is subject to the laws and regulations of the country where the customer resides. End-to-end encryption between ATMs, end-users, and servers can protect data in transit. Testing redundancy and COOP plans can ensure that data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations. This option provides a comprehensive approach to ensure data privacy and security while complying with regulations.

D. Install redundant servers to handle corporate customer processing, encrypt all customer data to ease the transfer from one country to another, implement end-to-end encryption between mobile applications and the cloud.

This option focuses on redundant servers for corporate customer processing, encryption of customer data to ease transfer between countries, and end-to-end encryption between mobile applications and the cloud. Redundant servers can ensure high availability and reduce downtime. Encrypting customer data can protect it during transmission and storage, but encryption does not by itself make a cross-border transfer lawful: the receiving jurisdiction's retention and privacy rules still apply to the data once it arrives. This option therefore does not address the different data retention and privacy laws in different countries.

Therefore, the most appropriate option for the multinational banking corporation to provide the MOST complete protection of data is option C: Store customer data based on national borders, ensure end-to-end encryption between ATMs, end-users, and servers, test redundancy and COOP plans to ensure data is not inadvertently shifted from one legal jurisdiction to another with more stringent regulations. This option provides a comprehensive approach to ensure data privacy and security while complying with regulations.
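As an added illustration of the last part of option C, and not code from the original page, the following constructed Python model checks a replication and COOP failover plan for copies that would leave a dataset's legal jurisdiction, and dry-runs a failover drill to show where data would shift. The site names, jurisdiction codes and the plan itself are assumptions, and for simplicity any change of jurisdiction is flagged, not only a move to a stricter one.

```python
"""Residency check for a replication / COOP failover plan (constructed example)."""
from dataclasses import dataclass

# Constructed: legal jurisdiction of each site (assumed names, not from the page).
SITE_JURISDICTION = {
    "frankfurt-dc": "EU",
    "dublin-cloud": "EU",
    "singapore-dc": "SG",
    "virginia-cloud": "US",
}

@dataclass(frozen=True)
class Dataset:
    name: str
    residency: str         # jurisdiction whose law governs this customer data
    primary: str           # site holding the live copy
    failover: tuple = ()   # ordered COOP failover targets

def residency_violations(datasets, sites=SITE_JURISDICTION):
    """Flag every primary or failover site outside a dataset's residency jurisdiction.
    Simplification: any jurisdiction change is flagged, not only moves to a stricter one."""
    return [
        (d.name, site, sites.get(site))
        for d in datasets
        for site in (d.primary,) + d.failover
        if sites.get(site) != d.residency
    ]

def simulate_failover(dataset, lost_sites, sites=SITE_JURISDICTION):
    """Dry-run a COOP drill: naive failover takes the first surviving site in the chain.
    Returns (site, stays_in_jurisdiction); (None, False) means no failover site survives."""
    for site in dataset.failover:
        if site not in lost_sites:
            return site, sites.get(site) == dataset.residency
    return None, False

# Constructed plan: the SG dataset fails over to a US cloud region, which the drill must catch.
PLAN = [
    Dataset("customers-eu", "EU", "frankfurt-dc", ("dublin-cloud",)),
    Dataset("customers-sg", "SG", "singapore-dc", ("virginia-cloud",)),
]

if __name__ == "__main__":
    print("violations:", residency_violations(PLAN))
    for d in PLAN:
        print(d.name, "loses", d.primary, "->", simulate_failover(d, {d.primary}))
```

Running the drill against the plan is what exposes the problem: the SG dataset looks correctly placed in normal operation, but losing its primary site would move it to a US region.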