A cybersecurity analyst at a financial services company is reviewing the data protection strategy for a server that processes sensitive customer loan applications. The analyst confirms that the server's hard drive is protected with full-disk encryption. However, the analyst notes that the server has not been backed up in over a month. A subsequent power outage corrupts the server's drive, rendering all data unrecoverable. Which security principle was primarily compromised in this scenario?
While encryption effectively addresses the principle of confidentiality by preventing unauthorized access to data, it does not protect against data loss or ensure availability. In this scenario, the data was lost due to disk corruption and the lack of recent backups, which is a failure to ensure data availability. Data backups are a fundamental control for maintaining availability by allowing data to be restored after a loss event. Integrity controls would detect data alteration, and confidentiality controls (which were in place via encryption) protect against unauthorized disclosure, but neither would have prevented the data from being unrecoverable.