Encryption is the process of converting plaintext data into an unreadable format called ciphertext. This is achieved using a cryptographic algorithm and a key. Only authorized individuals who possess the correct decryption key can revert the ciphertext back to its original, readable form. By rendering the data unintelligible to unauthorized parties, encryption directly enforces confidentiality for data at rest, such as information stored within a database. If an attacker gains access to the physical database files, the encrypted data remains protected and confidential without the corresponding key.

A. Hashing: Hashing is a one-way function primarily used for data integrity verification and secure password storage, not for general data confidentiality as it is not reversible.

B. Archiving: Archiving is a data lifecycle management process for long-term storage and retention. It does not inherently provide confidentiality for the data being stored.

C. Monitoring: Monitoring is a detective control used to observe and log access to a database. It helps identify unauthorized activity but does not prevent the initial breach of confidentiality.

1. National Institute of Standards and Technology (NIST). (2020). Special Publication 800-57 Part 1 Revision 5: Recommendation for Key Management: Part 1 – General. Section 2.2.1

"Cryptographic Mechanisms and Services

" p. 10. This document states

"Encryption provides the service of confidentiality."

2. Pfleeger

C. P.

Pfleeger

S. L.

& Margulies

J. (2015). Security in Computing (5th ed.). Pearson Education. Chapter 1

"Introduction

" Section 1.2

"The Meaning of Computer Security

" p. 6. The text explicitly defines confidentiality as "ensuring that data is not disclosed to unintended persons" and identifies encryption as a primary mechanism to achieve it.

3. University of California

Berkeley. (n.d.). Security of Information Systems and Networks - CS 161. Course materials. Lecture notes on "Cryptography" typically define encryption as the fundamental tool for ensuring the confidentiality of data both in transit and at rest.