Exam CSSLP topic 2 question 79 discussion

Actual exam question from ISC's CSSLP
Question #: 79
Topic #: 2

You are responsible for network and information security at a large hospital. It is a significant concern that any change to any patient record can be easily traced back to the person who made that change. What is this called?

  • A. Availability
  • B. Confidentiality
  • C. Non repudiation
  • D. Data Protection
Suggested Answer: C
Non repudiation refers to mechanisms that prevent a party from falsely denying involvement in some data transaction.

Comments

74gjd_37
5 months, 2 weeks ago
Selected Answer: C
C. Non repudiation
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
The requirement in this scenario to trace changes made to patient records back to the person who made them is an example of non-repudiation, which refers to the ability to prove that a particular action was performed by a specific entity or user and cannot be denied, i.e., there is "non-repudiation" of their action. Availability (A) mainly relates to ensuring that information or resources are available whenever needed, while Confidentiality (B) primarily addresses how sensitive data should be kept in secrecy from unauthorized access. Data protection (D) is a more general term that may cover all three principles (Availability, Confidentiality and Integrity etc.) and typically includes multiple measures like backups, network security controls, and data encryption strategies, among others, aimed at protecting different dimensions of system-level operations.
upvoted 1 times
74gjd_37
5 months, 2 weeks ago
The variant "D. Data Protection" is incorrect because data protection is a broad term that can cover various aspects of information security such as confidentiality, integrity, availability, and non-repudiation. However, while patient record changes should be protected by security measures that maintain confidentiality and protect against unauthorized access or modification (as expected in D. Data Protection), the specific requirement to track every change made poses a non-repudiation challenge. Non-repudiation ensures accountability for actions taken on sensitive systems by holding users responsible for their activities even if they later deny them. This capability helps to ensure responsible behavior within organizations concerning critical systems such as those handling patient records, where reliability and system logs availability play important roles. Therefore, Non-Repudiation is more central in this context than overall data protection principles alone, since it involves being able to trace back who did what to medical records rather than just securing them from external threats or vulnerabilities.
upvoted 1 times