Certified Internal Auditor (CIA) Part 3: Business Knowledge for Internal Auditing — Question 73

An organization has instituted a bring-your-own-device (BYOD) work environment. Which of the following policies best addresses the increased risk to the organization's network incurred by this environment?

Answer options

• A. Limit the use of the employee devices for personal use to mitigate the risk of exposure to organizational data.
• B. Ensure that relevant access to key applications is strictly controlled through an approval and review process.
• C. Institute detection and authentication controls for all devices used for network connectivity and data storage.
• D. Use management software to scan and then prompt patch reminders when devices connect to the network.

Correct answer: C

Explanation

The correct answer is C because implementing detection and authentication controls ensures that only authorized devices can connect to the network, significantly reducing the risk of unauthorized access. Options A and B do not directly address the security of devices connecting to the network, while option D focuses on maintenance rather than security controls.