CISA Certified Information Systems Auditor – Question2159

An IS auditor needs to consider many factors while evaluating an encryption system. Which of the following is LEAST important factor to be considered while evaluating an encryption system?

A.
Encryption algorithm
B. Encryption keys
C. Key length
D. Implementation language

Correct Answer: D

Explanation:

Explanation:
Implementation language is LEAST important as compare to other options. Encryption algorithm, encryption keys and key length are key elements of an Encryption system.
It is important to read carefully the question. The word “LEAST” was the key word. You had to find which one was LEAST important.
The following were incorrect answers:
Other options mentioned are key elements of an Encryption system
Encryption Algorithm – A mathematically based function or calculation that encrypts/decrypts data
Encryption keys – A piece of information that is used within an encryption algorithm (calculation) to make encryption or decryption process unique. Similar to passwords, a user needs to use the correct key to access or decipher the message into an unreadable form.
Key length – A predetermined length for the key. The longer the key, the more difficult it is to compromise in brute-force attack where all possible key combinations are tried.
Reference:
CISA review manual 2014 Page number 348