Certified Information Systems Auditor (CISA) — Question 176
An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?
Answer options
- A. Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees
- B. Monitoring employees' social networking usage
- C. Establishing strong access controls on confidential data
- D. Providing education and guidelines to employees on use of social networking sites
Correct answer: D
Explanation
Providing education and guidelines to employees on the use of social networking sites is the best recommendation because it raises awareness of the potential risks and of proper practices. Requiring policy acknowledgment and NDAs (A), monitoring usage (B), and establishing access controls (C) are important, but they do not address employee behavior and understanding of social media risks as directly or as effectively as education does.