Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 109

Which of the following actions would senior management need to consider as part of new IT guidelines regarding the organization's cybersecurity policies?

Answer options

• A. Assigning new roles and responsibilities for senior IT management
• B. Growing use of bring your own devices for organizational matters
• C. Expansion of operations into new markets with limited IT access
• D. Hiring new personnel within the IT department for security purposes

Correct answer: B

Explanation

The correct answer is B, as the growing use of bring your own devices significantly impacts cybersecurity policies and requires careful consideration. While assigning roles, expanding operations, and hiring personnel are important, they do not directly address the immediate cybersecurity implications brought by personal devices in the workplace.