Alice sent an email to Bob with a legally-binding digital signature. Which of the following best describes the security objective Alice wants to achieve?
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Integrity.
A digital signature ensures both authenticity and nonrepudiation; both security properties are part of the integrity in the classic CIA triad, defined in the FISMA.
In addition to the CIA triad and traditional 3A (Authentication, Authorization, and Accounting), the YA3A (Yet Another AAA) refers to Accounting, Auditing, and Accountability. However, YA3A may often confuse people. Some may put any of the three in the traditional 3A. However, I always put Accounting in the first place as it makes sense literally, reflects how it works, and implies a logical sequence (accounting for writing logs, auditing for reviewing logs, and accountability for having someone accountable).
CIA and FISMA
Accounting, Auditing, and Accountability (YA3A, Yet Another AAA)
- Logs are the work product of accounting; the audit trail refers to a set of correlated logs.
- Accounting is the process of recording entries or logs of the activities of subjects and objects, just like keeping financial accounting journals.
- Auditing is the process of reviewing or examining logs.
- Accountability can be achieved through auditing the audit trail to trace the activity to an entity uniquely.
The Sybex ISC2 Official CISSP Study Guide has a different view as follows:
- Auditing: recording a log of the events and activities related to the system and subjects.
- Accounting (aka accountability): reviewing log files to check for compliance and violations in order to hold subjects accountable for their actions.
A digital signature—a type of electronic signature—is a mathematical algorithm routinely used to validate the authenticity and integrity of a message (e.g., an email, a credit card transaction, or a digital document).
Digital signatures create a virtual fingerprint that is unique to a person or entity and are used to identify users and protect information in digital messages or documents.
In emails, the email content itself becomes part of the digital signature. Digital signatures are significantly more secure than other forms of electronic signatures.
Source: DHS CISA