Certified Information Security Manager (CISM) Practice Exam

Hashing is a one-way function commonly used in information security, making it the correct answer. A one-way function is designed to take an input (or "message") and produce a fixed-size string of characters, which is typically a digest that appears random. Importantly, this process is irreversible; it is not feasible to retrieve the original input from the hash output. This property makes hashing suitable for various applications, such as storing passwords securely, verifying data integrity, and ensuring that sensitive information remains confidential while still allowing for authentication or verification processes.

In contrast, encryption is reversible, meaning that it is possible to revert the encrypted data back to its original format using a specific key. Therefore, encryption is not considered a one-way function.

Tokenization involves replacing sensitive data elements with non-sensitive equivalents, known as tokens, but the original data can be retrieved using a mapping system. This retains a reversible element, unlike hashing.

Decryption is the process of converting encrypted data back into its original form. As with encryption, this is also not a one-way function, reinforcing why hashing stands out in this context.