Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 59

An organization has an established bring-your-own-device policy. Due to this policy, which of the following privacy risks would be most relevant to the organization?

Answer options

• A. Employees who consider updates of software or operating systems degrading to the performance of their devices might choose not to install the updates.
• B. Confidential intellectual property of the organization may be compromised if the smart device is physically lost.
• C. Concern by employees that the organization could intrusively monitor them through their smart devices.
• D. Malware may infect smart devices that contain the organization's confidential data if the device does not have adequate security restrictions.

Correct answer: B

Explanation

The correct answer is B because if a smart device is lost, any confidential information it contains could be exposed, posing a significant privacy risk. While the other options point out relevant concerns, they do not directly relate to the immediate loss of physical devices and the potential compromise of sensitive data.