During an IT security audit, a financial services company discovers that its on-premises relational database stores millions of real-time credit-card transaction records. The data is classified as critical, and management wants to minimize the impact of a potential breach by ensuring any stolen files would be unreadable without authorized keys. Which of the following controls BEST meets this requirement?
Applying strong encryption to the database files, tables, or individual columns converts the plaintext records into ciphertext that can only be returned to readable form with the correct decryption key. This directly preserves confidentiality if the storage media, backups, or underlying server are compromised. Geographic restrictions only constrain where data is stored, masking substitutes fictitious values for limited use cases such as testing, and hashing creates digest values that detect tampering but does not hide the underlying data.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does encryption ensure data confidentiality in databases?
Open an interactive chat with Bash
What is the difference between encryption and hashing?