The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?

August 10, 2021 by Admin

A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls:
– Certificate pinning
– Tokenization
– Biometric authentication

The company has already implemented the following controls:
– Full device encryption
– Screen lock
– Device password
– Remote wipe

The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?

  • Enforce the use of a VPN when using the newly developed application
  • Implement a geofencing solution that disables the application according to company requirements
  • Implement an out-of-band second factor to authenticate authorized users
  • Install the application in a secure container requiring additional authentication controls

Leave a Reply