Certified in Risk and Information Systems Control (CRISC) Practice Test

Encryption primarily supports confidentiality and authenticity by ensuring that data is protected from unauthorized access and is verifiable in its origin. When data is encrypted, it is transformed into a format that cannot be easily understood by anyone who does not possess the correct decryption key. This means that even if a malicious actor intercepts the data, they cannot read or decipher it, thereby maintaining its confidentiality.

In addition to confidentiality, encryption can also enhance authenticity through mechanisms such as digital signatures. By using encryption, organizations can verify that the data has not been tampered with and confirm the identity of the sender. This is crucial in maintaining trust in communications and transactions, especially in environments where sensitive information is shared.

The other options do not accurately capture the primary function of encryption. Data availability refers to ensuring that authorized users have access to information when needed, which is not the direct focus of encryption. Data compression involves reducing the size of data for storage efficiency, which is unrelated to protection mechanisms. While data integrity is important, and encryption can contribute to it, the core purpose of encryption lies in safeguarding confidentiality and ensuring authenticity.