Certified Information Security Manager (CISM) — Question 127
An organization has established a bring your own device (BYOD) program. Which of the following is the MOST important security consideration when allowing employees to use personal devices for corporate applications remotely?
Answer options
- A. Mandatory controls for maintaining security policy
- B. Mobile operating systems support
- C. Security awareness training
- D. Secure application development
Correct answer: A
Explanation
The most critical security consideration in a BYOD program is ensuring that mandatory controls maintain the security policy, as this establishes the framework for protecting corporate data. Mobile operating system support and security awareness training are important, but neither has the same immediate impact on the overall security posture as enforcing the security policy. Secure application development is also crucial, but it comes after a solid security policy framework has been established.