Certified Information Systems Auditor (CISA) — Question 1443

An IS auditor has been asked to perform an assurance review of an organization's mobile computing security. To ensure the organization is able to centrally manage mobile devices to protect against data disclosure, it is MOST important for the auditor to determine whether:

Answer options

• A. lost devices can be located remotely.
• B. procedures for lost devices include remote wiping of data.
• C. a mobile security awareness training program exists.
• D. a security policy exists for mobile devices.

Correct answer: B

Explanation

The correct answer is B because having procedures for remote wiping of data ensures that sensitive information can be erased from lost devices, thus preventing data disclosure. While locating lost devices (A), training programs (C), and security policies (D) are important, they do not directly address the immediate risk of data exposure from lost devices as effectively as remote wiping does.