Certified in Risk and Information Systems Control (CRISC) — Question 1165

Which of the following is the BEST reason to incorporate risk scenarios associated with a bring your own device (BYOD) policy into the enterprise-wide risk profile?

Answer options

• A. High cost of mobile device management (MDM) implementation
• B. Increased exposure to sensitive data leakage
• C. Increased trend of organizations within the industry adopting BYOD policies
• D. Lack of internal expertise to monitor personal mobile devices

Correct answer: B

Explanation

The correct answer is B because the main concern with BYOD policies is the increased risk of sensitive data leakage, which can have severe implications for the organization. While A, C, and D present valid considerations, they do not capture the critical security risk posed by allowing personal devices to access corporate data.