Certified Information Systems Auditor (CISA) — Question 288
End users have been demanding the ability to use their own devices for work, but want to keep personal information out of corporate control. Which of the following would be MOST effective at reducing the risk of security incidents while satisfying end user requirements?
Answer options
- A. Encrypt corporate data on the devices.
- B. Enable remote wipe capabilities for the devices.
- C. Require complex passwords.
- D. Implement an acceptable use policy.
Correct answer: A
Explanation
Encrypting corporate data on the devices ensures that sensitive information is protected, even if the device falls into the wrong hands. While remote wipe capabilities can help in case of loss, they do not prevent unauthorized access to data on the device itself. Complex passwords enhance security but do not protect the data if the device is compromised. An acceptable use policy sets guidelines but does not provide technical safeguards against security incidents.