Certified Information Security Manager (CISM) — Question 312
An organization permits the storage and use of its critical and sensitive information on employee-owned smartphones. Which of the following is the BEST security control?
Answer options
- A. Monitoring how often the smartphone is used
- B. Developing security awareness training
- C. Requiring the backup of the organization's data by the user
- D. Establishing the authority to remote wipe
Correct answer: D
Explanation
The best security control in this scenario is D, as having the authority to remote wipe ensures that sensitive data can be erased from a lost or stolen device, protecting it from unauthorized access. While the other options may improve security awareness or data management, they do not directly address the risk of data exposure from employee-owned devices.