ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
A financial institution must supply a production customer-transaction file to an external QA team for performance testing. After stripping names and account numbers, the firm worries about re-identification through remaining attributes. Which additional measure best mitigates the risk of data aggregation attacks that could reveal individual borrowers' identities?
Generalize and suppress quasi-identifiers until every record satisfies an agreed k-anonymity threshold.
Replace each customer name with a random GUID but leave age, ZIP code, and loan amount unchanged.
Apply a CRC32 hash to each Social Security number before releasing the file.
Encrypt the dataset with AES-256 and share the decryption key through a secure channel.
Removing direct identifiers is not enough, because combinations of quasi-identifiers (for example ZIP code, birth date, and gender) can still allow an attacker to link records back to real people when correlated with public data sets. Enforcing k-anonymity further generalizes or suppresses such quasi-identifiers until each record is indistinguishable from at least k-1 others, sharply reducing the likelihood of successful re-identification. Simple encryption or hashing only protects data at rest; once decrypted for testing, the original sensitive structure remains. Tokenizing or hashing just one field while leaving other identifying attributes untouched similarly leaves aggregation-based re-identification possible.
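The generalize-then-suppress loop described in the explanation, as an added example that is not part of the original question. The sample rows, the choice of ZIP code and age as the only quasi-identifiers, the generalization ladder, and the suppression budget are all assumptions made for illustration.

```python
from collections import Counter

# Constructed sample rows; names and account numbers are already stripped.
RECORDS = [
    {"zip": "30301", "age": 34, "loan": 12000},
    {"zip": "30305", "age": 36, "loan": 8500},
    {"zip": "30309", "age": 38, "loan": 23000},
    {"zip": "30312", "age": 31, "loan": 4000},
    {"zip": "30318", "age": 52, "loan": 15500},
    {"zip": "30324", "age": 55, "loan": 9000},
    {"zip": "30327", "age": 58, "loan": 31000},
    {"zip": "94110", "age": 33, "loan": 7000},  # geographic outlier
]
QI = ("zip", "age")  # assumed quasi-identifiers for this example
# Generalization ladder (ZIP digits kept, age band width), finest first.
LEVELS = ((5, 1), (4, 5), (3, 10), (2, 20))

def generalize(rec, zip_digits, age_band):
    """Coarsen the quasi-identifiers: mask the ZIP suffix, bucket the age."""
    lo = rec["age"] // age_band * age_band
    age = str(lo) if age_band == 1 else f"{lo}-{lo + age_band - 1}"
    zip_ = rec["zip"][:zip_digits] + "*" * (5 - zip_digits)
    return {**rec, "zip": zip_, "age": age}

def class_sizes(records):
    """Count records per equivalence class (identical quasi-identifier tuple)."""
    return Counter(tuple(r[q] for q in QI) for r in records)

def min_class_size(records):
    """Smallest equivalence class; the data set is k-anonymous for this k."""
    return min(class_sizes(records).values())

def k_anonymize(records, k, max_suppressed):
    """Return (released, suppressed, level) for the finest level at which
    dropping every class smaller than k costs at most max_suppressed rows."""
    for level in LEVELS:
        rows = [generalize(r, *level) for r in records]
        sizes = class_sizes(rows)
        keep = [r for r in rows if sizes[tuple(r[q] for q in QI)] >= k]
        if keep and len(rows) - len(keep) <= max_suppressed:
            return keep, len(rows) - len(keep), level
    raise ValueError(f"no level reaches k={k} within the suppression budget")

if __name__ == "__main__":
    released, dropped, level = k_anonymize(RECORDS, k=3, max_suppressed=1)
    print(f"level={level} suppressed={dropped} min class={min_class_size(released)}")
    for row in released:
        print(row)
```

The raw file has a smallest class of one record, so every row is unique on ZIP and age; the release step refuses to return data when no level on the ladder meets the threshold within the budget.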