CISSP PRACTICE QUESTIONS – 20210701

Effective CISSP Questions

A hardware security module (HSM) provides cryptographic services such as key management, key exchange, and encryption. It is built on specialized hardware that is well tested and certified in special laboratories. Which of the following is least related to authenticating to the HSM under a trusted path so that no single person has sufficient authority to access certain functions or operations? (Wentz QOTD)
A. Split knowledge.
B. Separation of Duty (SOD).
C. Quorum-based authentication.
D. M of N control.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Separation of Duty (SOD).

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

Nowadays, a “secret” is the basis of authentication. We typically use passwords (something you know), cryptographic keys in tokens (something you have), or 1-to-1 biometric features with PINs (something you are) for authentication.

  • Split knowledge, Quorum-based authentication, and M of N control are common means of controlling access to secrets.
  • Separation of Duty (SOD) is a measure applied when designing a job position to control a process or workflow.


