Certified in the Governance of Enterprise IT (CGEIT) — Question 70
An IT risk committee is trying to mitigate the risk associated with a newly implemented bring your own device (BYOD) policy and supporting mobile device management (MDM) tools. Which of the following would be the BEST way to ensure employees understand how to protect sensitive corporate data on their mobile devices?
Answer options
- A. Require staff to review and sign nondisclosure agreements (NDAs)
- B. Require staff to complete security awareness training
- C. Develop security procedures for mobile devices
- D. Distribute the BYOD policy on the company intranet
Correct answer: B
Explanation
The correct answer is B, as security awareness training equips employees with the necessary knowledge to recognize and mitigate risks associated with mobile device usage. While NDAs (A) and distributing the BYOD policy (D) are important, they do not provide comprehensive training on data protection. Developing security procedures (C) is useful but does not directly educate employees on how to protect sensitive data.