A financial company is focused on proactively protecting sensitive data stored on the devices.

For a financial company, protecting "data at rest" is a critical requirement of the Cisco Security Infrastructure blueprint. While physical security and BIOS-level protections have their place,Data encryption on disk(such as BitLocker, FileVault, or hardware-encrypted drives) is the only solution that fulfills the requirement of rendering the actual data unreadable if the device is lost or stolen.

Disk encryption uses cryptographic algorithms to transform readable data into ciphertext. Without the correct decryption key—which is typically released only after successful user authentication—the data remains a meaningless string of characters even if the hard drive is removed and connected to a different machine. AKensington Lock(Option A) is a physical deterrent to prevent theft but does not protect the data if the lock is cut or the device is stolen. ABIOS password(Option B) can prevent the OS from booting but does not stop an attacker from reading the data directly from the storage media.GPS tracking(Option D) helps in recovery but does not prevent unauthorized data access in the interim. Implementing full-disk encryption aligns with theCisco SAFEprinciple of pervasive data protection and ensures compliance with financial regulations regarding the safeguarding of sensitive client information on mobile endpoints.

========