Certified Information Systems Auditor (CISA) — Question 502

Several unattended laptops containing sensitive customer data were stolen from personnel offices. Which of the following would be an IS auditor's BEST recommendation to protect data in case of recurrence?

Answer options

• A. Enhance physical security.
• B. Require the use of cable locks.
• C. Require two-factor authentication.
• D. Encrypt the disk drive.

Correct answer: D

Explanation

Encrypting the disk drive ensures that even if the laptops are stolen, the data remains inaccessible without the encryption key. While enhancing physical security and using cable locks can deter theft, they do not protect the data if a theft occurs. Two-factor authentication is useful for access control but does not safeguard data on stolen devices.