Certified Information Systems Auditor (CISA) — Question 37

Which of the following is the BEST way to mitigate risk to an organization's network associated with devices permitted under a bring your own device (BYOD) policy?

Answer options

• A. Implement a network access control system.
• B. Require personal devices to be reviewed by IT staff.
• C. Enable port security on all network switches.
• D. Ensure the policy requires antivirus software on devices.

Correct answer: A

Explanation

Implementing a network access control system is the best way to manage and mitigate risks by ensuring only authorized devices connect to the network. While reviewing personal devices and requiring antivirus software can enhance security, they do not provide the comprehensive access control that a network access control system offers. Enabling port security on switches is useful but does not specifically address the risks associated with BYOD policies.