Certified Information Security Manager (CISM) — Question 10
Senior management wants to provide mobile devices to its sales force. Which of the following should the information security manager do FIRST to support this objective?
Answer options
- A. Develop an acceptable use policy
- B. Conduct a vulnerability assessment on the devices
- C. Assess risks introduced by the technology
- D. Research mobile device management (MDM) solutions
Correct answer: C
Explanation
Assessing the risks introduced by the technology is crucial because it identifies potential vulnerabilities and threats related to mobile devices before implementation. Developing an acceptable use policy and conducting a vulnerability assessment are important, but they should come after the risk landscape is understood. Researching MDM solutions is also valuable, yet it is more effective once the risks have been assessed.