CISA Certified Information Systems Auditor – Question2143

As described in the security policy, the CSO implemented an e-mail package solution that ensures the integrity of messages sent using S/MIME. Which of the options below BEST describes how the environment is implemented to suit the policy's requirement?

A. Implementing PGP and allowing the recipient to receive the private key used to sign the e-mail message.
B. Implementing the RSA standard for the message envelope and instructing users to sign all messages using their private key from their PKI digital certificate.
C. Implementing the RSA standard for the message envelope and instructing users to sign all messages using their public key from their PKI digital certificate.
D. Implementing MIME solutions and providing a footer within each message sent, referencing policy constraints related to e-mail usage.

Correct Answer: B

Explanation:
The RSA e-mail standard stands for the S/MIME envelope. By using their private key to sign messages, users assure recipients of message integrity: the recipient uses the sender's public key for hash decryption and content comparison.
Exam candidates should be aware of e-mail solutions and technologies that address confidentiality, integrity and non-repudiation.
The following answers are incorrect:
Implementing PGP and allowing the recipient to receive the private key used to sign the e-mail message.
Implementing the RSA standard for the message envelope and instructing users to sign all messages using their public key from the PKI digital certificate.
Implementing MIME solutions and providing a footer within each message sent, referencing policy constraints related to e-mail usage.
Reference:
CISA Review Manual 2010 – Chapter 5 – 5.4.5-Encryption – Digital Envelope