Certified Information Systems Auditor (CISA) — Question 515

An organization allows employees to retain confidential data on personal mobile devices. Which of the following is the BEST recommendation to mitigate the risk of data leakage from lost or stolen devices?

Answer options

• A. Configure to auto-wipe after multiple failed access attempts.
• B. Require employees to attend security awareness training.
• C. Enable device auto-lock function.
• D. Password protect critical data files.

Correct answer: A

Explanation

The best recommendation is to configure the device to auto-wipe after multiple failed access attempts, as this prevents unauthorized access to sensitive data. While security awareness training, auto-lock functions, and password protection are important, they do not provide the immediate data protection that an auto-wipe feature offers in the event of device loss or theft.