A financial institution implements a cryptographic system for securing customer transactions. During a security assessment, the review team discovers that the same cryptographic keys have been in use for over three years. What is the BEST approach to mitigate the vulnerability in this cryptographic system?
Implement a key rotation policy based on industry standards and usage patterns
Switch to hardware security modules for key storage
Increase the key length to strengthen cryptographic resistance
Implement quantum-resistant algorithms
The correct answer is to implement a key rotation policy based on industry standards and usage patterns. Key rotation is a fundamental control in any cryptographic system: every key is assigned a cryptoperiod (NIST SP 800-57 Part 1 gives guidance on choosing one), and when that period or a usage threshold is reached the key is retired and a new key version takes over. Keeping the same keys in use for three years exposes the institution to several risks:
Longer exposure time gives an attacker more opportunities to obtain the key (through a breach, an insider, a backup, or a misconfigured system), and a key that is never rotated means a single compromise exposes every transaction ever protected with it
The more data is processed under one key, the more material an attacker has to work with, and advances in computing power and cryptanalysis over the key's lifetime erode the safety margin the key offered when it was chosen
Compliance requirements mandate periodic key changes; for a financial institution, PCI DSS requires keys to be changed at the end of their defined cryptoperiod
Increasing the key length strengthens the algorithm against brute force, but it does not address the fundamental issue of key age and exposure: a longer key used for three years without rotation carries the same compromise risk. Implementing quantum-resistant algorithms is forward-looking but does not address the immediate vulnerability of the existing long-lived keys. Switching to hardware security modules improves protection of the key material at rest and in use, but an HSM will happily keep using the same key indefinitely unless a rotation policy tells it otherwise.
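The following is an added example, not code from the page or from any exam provider, showing what "a key rotation policy based on industry standards and usage patterns" looks like in practice. It uses a stand-alone Python key ring that protects transaction messages with HMAC-SHA256 (an assumption standing in for whatever primitive the institution uses). Each key carries a version number, is retired when its age or its use count crosses a threshold, and remains valid for verification only during a short grace period so that in-flight transactions still verify while new ones move to the fresh key. The 90-day, 1,000,000-use and 7-day figures are illustrative defaults chosen here, not numbers from NIST SP 800-57 or PCI DSS; the clock is injectable so the policy can be exercised without waiting. All messages are constructed sample input.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class KeyVersion:
    """One key in the ring, with the bookkeeping the rotation policy needs."""
    key_id: int
    secret: bytes
    created_at: float
    uses: int = 0
    retired_at: Optional[float] = None


class RotatingMacKeyRing:
    """Versioned HMAC key ring with age-based and usage-based rotation.

    Thresholds are illustrative assumptions, not values from a standard:
    max_age_seconds: cryptoperiod after which a key stops signing (90 days)
    max_uses: number of sign operations after which a key stops signing
    grace_seconds: how long a retired key still verifies old tags (7 days)
    """

    def __init__(
        self,
        max_age_seconds: float = 90 * 24 * 3600,
        max_uses: int = 1_000_000,
        grace_seconds: float = 7 * 24 * 3600,
        now: Callable[[], float] = time.time,
    ) -> None:
        self.max_age_seconds = max_age_seconds
        self.max_uses = max_uses
        self.grace_seconds = grace_seconds
        self._now = now
        self._versions: Dict[int, KeyVersion] = {}
        self._current_id = 0
        self._rotate()  # a ring always starts with one live key

    def _rotate(self) -> None:
        """Retire the current key and generate a fresh 256-bit key version."""
        now = self._now()
        if self._current_id in self._versions:
            self._versions[self._current_id].retired_at = now
        self._current_id += 1
        self._versions[self._current_id] = KeyVersion(
            key_id=self._current_id, secret=secrets.token_bytes(32), created_at=now
        )

    def _needs_rotation(self) -> bool:
        cur = self._versions[self._current_id]
        age = self._now() - cur.created_at
        return age >= self.max_age_seconds or cur.uses >= self.max_uses

    def current_key_id(self) -> int:
        return self._current_id

    def sign(self, message: bytes) -> Tuple[int, bytes]:
        """Tag a message with the live key, rotating first if policy says so.

        The returned key_id travels with the tag so the verifier can pick
        the right key version even after further rotations.
        """
        if self._needs_rotation():
            self._rotate()
        cur = self._versions[self._current_id]
        cur.uses += 1
        return cur.key_id, hmac.new(cur.secret, message, hashlib.sha256).digest()

    def verify(self, key_id: int, message: bytes, tag: bytes) -> bool:
        """Accept tags from the live key or from a retired key still in grace."""
        kv = self._versions.get(key_id)
        if kv is None:
            return False  # unknown or already purged key version
        if kv.retired_at is not None and self._now() - kv.retired_at > self.grace_seconds:
            return False  # retired and past grace: reject, even if the tag is right
        expected = hmac.new(kv.secret, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)  # constant-time comparison

    def purge_expired(self) -> List[int]:
        """Destroy key material for retired versions whose grace period ended."""
        now = self._now()
        gone = [
            kid for kid, kv in self._versions.items()
            if kv.retired_at is not None and now - kv.retired_at > self.grace_seconds
        ]
        for kid in gone:
            del self._versions[kid]
        return gone


class FakeClock:
    """Controllable clock so rotation can be driven without real time passing."""

    def __init__(self, start: float = 1_000_000.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t


if __name__ == "__main__":
    clock = FakeClock()
    ring = RotatingMacKeyRing(now=clock)
    kid, tag = ring.sign(b"txn:acct=1234;amount=50.00")  # constructed sample
    clock.t += ring.max_age_seconds  # cryptoperiod elapses
    kid2, _ = ring.sign(b"txn:acct=1234;amount=75.00")
    print(f"first key {kid}, after rotation {kid2}, old tag still verifies: "
          f"{ring.verify(kid, b'txn:acct=1234;amount=50.00', tag)}")
```

The usage counter covers the "usage patterns" half of the policy: a high-volume payment channel hits max_uses long before max_age and rotates early, while a low-volume channel rotates on age. Storing the key_id alongside each tag is what makes rotation operationally safe, because nothing already in flight breaks when the live key changes; purge_expired is the step that actually shrinks the exposure window by destroying material no longer needed.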
ISC2 CISSP
Security Architecture and Engineering