Certified Information Systems Auditor (CISA) — Question 395

Which of the following is the BEST control to minimize the risk of unauthorized access to lost company-owned mobile devices?

Answer options

• A. Device encryption
• B. Device tracking software
• C. Password/PIN protection
• D. Periodic backup

Correct answer: A

Explanation

Device encryption is the best control because it protects the data stored on the device, rendering it unreadable without the proper authentication. While device tracking software can help locate a lost device, it does not prevent unauthorized access to the data. Password/PIN protection alone can be bypassed if the device is seized, and periodic backups do not address the risk of unauthorized access.