Certified Information Systems Auditor (CISA) — Question 534

A USB device containing sensitive production data was lost by an employee, and its contents were subsequently found published online. Which of the following controls is the BEST recommendation to prevent a similar recurrence?

Answer options

• A. Monitoring data being down loaded on USB devices
• B. Using a strong encryption algorithm
• C. Training users on USB device security
• D. Electronically tracking portable devices

Correct answer: B

Explanation

Using a strong encryption algorithm ensures that even if the USB device is lost or accessed by unauthorized individuals, the sensitive data remains protected and unreadable. While monitoring, training, and tracking are useful controls, they do not directly secure the data itself, making encryption the best option for preventing data exposure.