An organization allows employees to use personally owned mobile devices to access customers' personal information. Which of the following is MOST important for an IS auditor to verify?
A.
Employees have signed off on an acceptable use policy.
B.
Devices have adequate storage and backup capabilities.
C.
Mobile devices are compatible with company infrastructure.
D.
Mobile device security policies have been implemented.
Allowing employees to use personally owned mobile devices to access customers' personal information can increase the risk of unauthorized access or disclosure of the information. Therefore, it is critical that the organization implements appropriate security policies and controls to protect the information.
Acceptable usage policy is a part of Information security policy. If security policy is implemented, it takes care of option "A". Hence my answer will be "D".
An employee BYOD agreement or acceptable use agreement (AUA) should require the employee to agree with the items in the policy before the device can be used for business purposes.
Since it's a personal device and not a company mobile device, enforcing security policies might not be possible
This section is not available anymore. Please use the main Exam Page.CISA Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
007Georgeo
Highly Voted 2 years agoanaluisamoreira
Most Recent 11 months agocaanas
1 year, 1 month agoblues_lee
1 year, 3 months ago[Removed]
1 year, 5 months agoRachy
1 year, 4 months ago3008
2 years ago3008
2 years agoswmasinde
2 years, 2 months ago2022cisa
2 years, 7 months agoMunaM
2 years, 8 months ago