Best Recommendation for Addressing PII Storage Concerns
Question
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson's laptop.
The sales department has a higher-than-average rate of lost equipment.
Which of the following recommendations would BEST address the CSO's concern?
A.
Deploy an MDM solution. B.
Implement managed FDE.C.
Replace all hard drives with SEDs. D.
Install DLP agents on each laptop.
B.
Explanations
A Chief Security Officer (CSO) is concerned about the amount of PII that is stored locally on each salesperson's laptop.
The sales department has a higher-than-average rate of lost equipment.
Which of the following recommendations would BEST address the CSO's concern?
A.
Deploy an MDM solution.
B.
Implement managed FDE.C.
Replace all hard drives with SEDs.
D.
Install DLP agents on each laptop.
B.
The scenario described in this question concerns the storage of Personally Identifiable Information (PII) on salespeople's laptops, which are at higher risk of loss. The Chief Security Officer (CSO) is concerned about this and wants to implement a solution that can best address this concern.
A. Deploy an MDM solution: Mobile Device Management (MDM) solutions are typically used to manage and secure mobile devices such as smartphones and tablets. While an MDM solution can help to manage and secure laptops, it may not address the specific concern of PII stored locally on each salesperson's laptop. MDM solutions are more suitable for managing the entire device, such as enforcing device encryption and password policies, tracking the device's location, and remotely wiping the device if it is lost or stolen. Therefore, this option may not be the BEST solution for this particular scenario.
B. Implement managed FDE: Full Disk Encryption (FDE) is a technology that encrypts the entire hard drive of a device, ensuring that all data on the device is encrypted and protected. Managed FDE involves implementing a centrally managed solution that enforces FDE on all devices within an organization. This would be an effective solution for protecting the PII stored locally on each salesperson's laptop. If the laptop is lost or stolen, the data on the device would be encrypted, rendering it inaccessible without the encryption key. Therefore, this option could be the BEST solution for this scenario.
C. Replace all hard drives with SEDs: Self-encrypting drives (SEDs) are hard drives that have built-in encryption capabilities. They encrypt data on the fly as it is written to the drive and decrypt it as it is read from the drive. While this option would protect the PII stored on each salesperson's laptop, it may not be the BEST solution as it involves replacing all hard drives with SEDs, which could be expensive and time-consuming.
D. Install DLP agents on each laptop: Data Loss Prevention (DLP) solutions are designed to prevent the unauthorized disclosure of sensitive data, such as PII. DLP agents can be installed on each laptop to monitor data as it is created, stored, and transmitted, and can prevent unauthorized data transfers. While this option could help to prevent the unauthorized disclosure of PII, it may not be the BEST solution for this particular scenario as it does not directly address the concern of PII stored locally on each salesperson's laptop.
In conclusion, the BEST recommendation to address the CSO's concern would be to implement managed FDE, as it would effectively protect the PII stored locally on each salesperson's laptop.
