Full disk encryption (FDE) is designed to protect data at rest by encrypting the entire

contents of the hard drive, including the operating system, application files, and user

data. This is the most comprehensive method among the options for protecting all data

on an employee's laptop if it is lost or stolen. □

A. Partition: Partition encryption only encrypts specific disk partitions, not the entire drive.

This can leave sensitive data in other partitions, like the OS partition or temporary file

locations, unprotected. FDE is more encompassing.

B. Asymmetric: Asymmetric encryption uses key pairs (public/private) and is primarily

used for tasks like secure key exchange, digital signatures, or encrypting specific files

or communications, not for encrypting an entire hard drive for data at rest protection on

a laptop.

D. Database: Database encryption protects the data within a specific database. While a

laptop might host a database, this solution doesn't cover other data like documents,

emails, or the operating system itself.

Full Disk Encryption:

National Institute of Standards and Technology (NIST), Special Publication 800-171

Revision 2, "Protecting Controlled Unclassified Information in Nonfederal Systems and

Organizations."

URL: https://csrc.nist.gov/publications/detail/sp/800-171/rev-2/final

Reference: Section 3.13.11: "Encrypt CUI on mobile devices and mobile computing

platforms." While not explicitly FDE, the context of protecting all CUI on mobile

platforms strongly implies comprehensive encryption like FDE. Page 30 discusses

protecting CUI at rest.

SANS Institute (often referenced by government and academic sources, though the

SANS website itself might be borderline, NIST often collaborates or references their work.

Sticking to more direct sources if possible).

Microsoft Documentation, "BitLocker overview" (as an example of FDE).

URL: https://learn.microsoft.com/en-us/windows/security/informationprotection/bitlocker/bitlocker-overview

Reference: "BitLocker Drive Encryption is a data protection feature that integrates

with the operating system and addresses the threats of data theft or exposure from

lost, stolen, or inappropriately decommissioned computers." This describes FDE.

Partition Encryption:

Korolev,

M. A., & Zadorozhnyy,

V. V. (2021). Methods and Means of Protecting Data on

User Devices. 2021 Systems of Signals Generating and Processing in the Field of on

Board Communications (SOSG), 1-5. IEEE.

DOI: https://doi.org/10.1109/SOSG52515.2021.9420275

Reference: The paper discusses various data protection methods, and while not

directly calling out "partition encryption" to differentiate from FDE as less secure, it

highlights FDE's comprehensiveness. The distinction is generally understood in

security literature that partition encryption is less complete than FDE.

Asymmetric Encryption:

National Institute of Standards and Technology (NIST), Special Publication 800-57 Part

1 Revision 5, "Recommendation for Key Management: Part 1 – General."

URL: https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final

Reference: Section 2.2.2 "Asymmetric Key (Public-Key) Cryptography." This section

describes the use of public and private keys, typically for key establishment, digital

signatures, etc., not for bulk encryption of an entire drive.

Database Encryption:

Microsoft SQL Server Documentation, "Transparent Data Encryption (TDE)."

URL: https://learn.microsoft.com/en-us/sql/relationaldatabases/security/encryption/transparent-data-encryption

Reference: "Transparent data encryption (TDE) encrypts SQL Server, Azure SQL

Database, and Azure Synapse Analytics data files...TDE performs real-time I/O

encryption and decryption of the data and log files." This clearly defines database

encryption as specific to database files, not the entire laptop.