Certified Incident Handler (CIH) Practice Ecam

Which of the following focuses on protecting against unauthorized access to sensitive data?

• A. Access Control
• B. Cryptography
• C. Network Security
• D. Application Security

The correct answer is: Access Control

Access control is an essential security measure that specifically aims to protect against unauthorized access to sensitive data. It entails defining who is allowed to view and use resources in a computing environment. By implementing access control mechanisms, organizations can ensure that only authorized personnel have the ability to access and manipulate sensitive information, thereby minimizing the risk of data breaches and maintaining confidentiality. This approach is typically operationalized through policies and technologies that enforce user authentication and authorization. Examples include user IDs, passwords, biometric recognition, and role-based access control (RBAC), which segment access based on user roles within an organization. While other options, such as cryptography, network security, and application security, also play vital roles in protecting data, they do not solely focus on the prevention of unauthorized access. Cryptography secures data through encryption and decryption processes, making it unreadable to unauthorized users but does not inherently control access. Network security encompasses measures to protect the integrity of networks and data during transmission but does not specifically target user access control. Application security involves securing software applications but focuses more on preventing vulnerabilities within those applications rather than regulating access to data directly.