Certified Information Systems Auditor (CISA) — Question 1449
An organization allows employees to use personally owned mobile devices to access customers' personal information. Which of the following is MOST important for an IS auditor to verify?
Answer options
- A. Employees have signed off on an acceptable use policy.
- B. Devices have adequate storage and backup capabilities.
- C. Mobile devices are compatible with company infrastructure.
- D. Mobile device security policies have been implemented.
Correct answer: D
Explanation
The correct answer is D because implemented mobile device security policies are essential to protecting sensitive customer information from unauthorized access and potential breaches. While the other options are important, they do not directly address the security risks of accessing customers' personal information on personally owned devices.