Certified Information Security Manager (CISM) — Question 218

A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?

Answer options

• A. Wipe the device remotely
• B. Remove user's access to corporate data
• C. Prevent the user from using personal mobile devices
• D. Report the incident to the police

Correct answer: A

Explanation

Remotely wiping the device will ensure that any sensitive data stored on it is erased, significantly reducing the chance of unauthorized access. While removing access to corporate data or preventing the use of personal devices are valid actions, they do not directly address the immediate risk posed by the stolen device. Reporting to the police is important for recovery but does not mitigate the risk of data exposure.