Certified Information Security Manager (CISM) — Question 308
When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:
Answer options
- A. the applications are tested prior to implementation
- B. security controls are applied to each device when joining the network
- C. users have read and signed acceptable use agreements
- D. business leaders have an understanding of security risks
Correct answer: D
Explanation
The correct answer is D because business leaders must understand the security risks associated with BYOD in order to make informed decisions. While testing applications, applying security controls, and having users sign agreements are important, they are secondary to ensuring that leadership understands the broader implications of security in a BYOD environment.