Certified Information Systems Auditor (CISA) — Question 751

Email required for business purposes is being stored on employees’ personal devices. Which of the following is an IS auditor's BEST recommendation?

Answer options

• A. Prohibit employees from storing company email on personal devices.
• B. Implement an email containerization solution on personal devices.
• C. Require employees to utilize passwords on personal devices.
• D. Ensure antivirus protection is installed on personal devices.

Correct answer: B

Explanation

The best recommendation is to implement an email containerization solution, as it allows for secure management of corporate emails while separating them from personal data. Prohibiting storage of company email or merely requiring passwords does not address the security risks effectively, and ensuring antivirus protection alone does not safeguard sensitive email data.