Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 225

An organization has adopted a bring-your-own-device (BYOD) policy, and employees can access organizational data via their smart devices. Which of the following authentication policy requirements is the most advisable?

Answer options

• A. Require a virtual private network (VPN).
• B. Require at least an eight-digit passcode or a complicated swipe pattern.
• C. Require the remote wipe function and encryption of local data.
• D. Require a passcode followed by a response requiring verification message.

Correct answer: C

Explanation

Option C is the best choice because requiring the remote wipe function and local data encryption ensures that sensitive organizational data is protected in case a device is lost or compromised. While options A, B, and D provide some level of security, they do not address the critical need for data protection as effectively as option C does.