Section: Protection of Information Assets
Explanation:
The SSL security protocol provides data encryption, server authentication, message integrity and optional
client authentication. Because SSL is built into all major browsers and web servers, simply installing a
digital certificate turns on the SSL capabilities. SSL encrypts the datum while it is being transmitted over the
internet. The encryption is done in the background, without any interaction from the user; consequently,
there is no password to remember. The other choices are incorrect. Since the communication between
client and server is encrypted, the confidentiality of information is not affected by wiretapping. Since SSL
does the client authentication, only the intended recipient will receive the decrypted data. All data sent over
an encrypted SSL connection are protected with a mechanism to detect tampering, i.e., automatically
determining whether data has been altered in transit.

Section: Governance and Management of IT

Security administration procedures require read-only access to security log files to ensure that, once generated, the logs are not modified. Logs provide evidence and track suspicious transactions and activities. Security administration procedures require write access to access control tables to manage and update the privileges according to authorized business requirements. Logging options require write access to allow the administrator to update the way the transactions and user activities aremonitored , captured, stored, processed and reported.