Certified Information Security Manager (CISM) — Question 877

An employee's bring your own device (BYOD) smartphone has been lost. To reduce the risk associated with the loss of corporate sensitive data stored on the phone, the information security manager's BEST course of action should have been to implement:

Answer options

• A. a requirement of prompt notification in the event of loss.
• B. multi-factor authentication for the mobile device.
• C. a board-approved and communicated mobile policy and standard.
• D. a securely configured device enforced by a mobile device management (MDM) solution.

Correct answer: D

Explanation

The best action is to enforce a securely configured device via a mobile device management (MDM) solution (D), as this allows for remote wiping and management of corporate data. While options A, B, and C provide some level of security, they do not directly prevent data loss or unauthorized access in the event of a device being lost.