CompTIA CASP+ Practice Test

Which control measures can help reduce Company A’s legal risks related to data breaches?

• A. Implement encryption and separate duties
• B. Install additional firewalls
• C. Increase user training
• D. Enable remote connections for all employees

The correct answer is: Implement encryption and separate duties

Implementing encryption and establishing separate duties are key control measures that significantly diminish legal risks associated with data breaches. Encryption protects sensitive data by converting it into a format that cannot be easily read by unauthorized individuals. Should a data breach occur, encrypted data remains secure, reducing the likelihood of unauthorized access to personal or confidential information. This is crucial in meeting compliance requirements and can help mitigate the repercussions of a breach, thereby lowering potential legal liabilities. Separating duties introduces a system of checks and balances that helps to ensure that no single individual has control over all aspects of any critical process. This limits opportunities for internal fraud and errors, thereby enhancing the overall security posture of the organization. By ensuring that different personnel are responsible for different tasks related to data protection, the organization can better manage risks and ensure adherence to regulatory requirements. In contrast, while installing additional firewalls may improve network security, it does not directly address the legal implications of a data breach or ensure that sensitive information is adequately protected should a breach occur. Increasing user training is beneficial for awareness and may reduce the human error factor but does not have the same direct impact on legal compliance as encryption and separation of duties. Enabling remote connections for all employees could potentially increase the risk of breaches by exposing the network