Information security is a discipline that protects assets from threats through safeguards in order to achieve the objectives of confidentiality, integrity, and availability (CIA for short), support business processes, and create and deliver value.
All of the following hinder or enforce the security objective of integrity, except which one?
A. A recipient denied having received a message
B. A disgruntled employee deleted confidential files
C. A middle man poisoned a DNS
D. A sender signed an email with digital signature
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. A disgruntled employee deleted confidential files. (or E. None of the above)
According to the law, Pub.L. 107–347, 116 Stat. 2899, non-repudiation and authenticity are the security properties of integrity.
I believe we all agree the following options relate to integrity without a doubt:
- Repudiation is a denial of the truth or validity of something. “A. A recipient denied having received a message” hinders non-repudiation, hence integrity.
- “C. A middle man poisoned a DNS” hinders integrity.
- “D. A sender signed an email with digital signature” enforces non-repudiation, hence integrity.
Using the exam technique of ruling out options, we can conclude the answer is “B. A disgruntled employee deleted confidential files.”
However, the following issue has been controversial:
Does the deletion of files affect integrity or availability?
IMO, deleting files affects both integrity and availability. Some argue it affects integrity, while others are in favor of availability.