What can be concluded from this scenario?

FinanceX, a well-known financial institution, uses an online banking platform that enables clients to easily and securely access their bank accounts. To log in, clients are required to enter the one-lime authorization code sent to their smartphone.

What can be concluded from this scenario?
A . FinanceX has implemented a securityControl that ensures the confidentiality of information
B . FinanceX has implemented an integrity control that avoids the involuntary corruption of data
C . FinanceX has incorrectly implemented a security control that could become a vulnerability

Answer: A

Explanation:

Confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes. A security control is a measure that is put in place to protect the confidentiality, integrity, and availability of information assets. In this scenario, FinanceX has implemented a security control that ensures the confidentiality of information by requiring clients to enter a one-time authorization code sent to their smartphone when they log in to their online banking platform. This control prevents unauthorized access to the clients’ bank accounts and protects their sensitive information from being disclosed to third parties. The one-time authorization code is a form of two-factor authentication, which is a security technique that requires two pieces of evidence to verify the identity of a user. In this case, the two factors are something the user knows (their username and password) and something the user has (their smartphone). Two-factor authentication is a recommended security control for online banking platforms, as it provides a higher level of security than single-factor authentication, which relies only on one piece of evidence, such as a password.

Reference: ISO/IEC 27001:2022 Lead Implementer Course Content, Module 5: Introduction to Information Security Controls based on ISO/IEC 27001:20221; ISO/IEC 27001:2022 Information Security, Cybersecurity and Privacy Protection, Clause 3.6: Confidentiality2; ISO/IEC 27002:2022 Code of practice for information security controls, Clause 9.4: Access control3

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments