Certified Information Systems Auditor (CISA) — Question 1290

During the planning phase of a data loss prevention (DLP) audit, management expresses a concern about mobile computing. Which of the following should the IS auditor identify as the associated risk?

Answer options

• A. Lack of governance and oversight for IT infrastructure and applications
• B. Increased need for user awareness training
• C. The use of the cloud negatively impacting IT availability
• D. Increased vulnerability due to anytime, anywhere accessibility

Correct answer: D

Explanation

The correct answer, D, highlights the increased vulnerability that arises from mobile computing, where users can access data from anywhere, making it harder to secure. Options A and C focus on governance and IT availability, which, while relevant, do not directly address the specific risks associated with mobile computing. Option B, while important, is more about training than the inherent risks of mobile access.