An information security manager is implementing a bring your own device (BYOD) program. Which of the following would BEST ensure that users adhere to the security standards?
A. Publish the standards on the intranet landing page.
Questions to ask the IM manager,
1. If I don't have a policy but an MDM - would I be able to ensure security?
2. If I have a policy but not an MDM - would I be able to ensure security?
I would say the likelihood of saying Yes to 1 is more than to 2; technical controls are generally more effective than administrative controls in the real world.
It's a tough choice between B and C - but in the end there is one important thing to mention:
In security it's always FIRST document, then ACT.
To express requirements and expectations to the user, a security manager has to develop an AUP first, before implementing technical controls like an MDM solution. If the security manager implements an MDM first, before formally expressing the organization's requirements, users might feel confused as the MDM solution might restrict them in their daily work.
Therefore, answer C is right.
If the employee wants to utilize the privilege of BYOD, the policy is already acceptable. The device management tool ensures that risks communicated by the "Risk Assessment" are best managed for policy adherence.
It is B as an AUP would heavily rely on a voluntary or trust-based compliance.
A technical solution would provide the means to enforce any security standards posed by the policy.
I think the key word in the question is "adhere"; the ONLY thing that would do this is C, deploy an MDM. An AUP is also a must, but it won't make users "adhere" to the security standards.
The question asks for a deterrent control for the users to abide by. Standards are created from policies, so Policies is the correct answer; if the question leans towards a corrective control then it will be MDM. The question clearly states what has to be done on the user side so that the user abides by the standards; it will be policy.
C is the best choice. We need to understand that this is a managerial position, and the main thing is that policy has to be established first; then the next is how it will be implemented, and now MDM comes in, which is work for engineers.
Modern tendencies tend to encourage implementing MDM for BYOD, as that's the only way to guarantee adherence to standards. BTW, the question also says "standards", not "policies", so AUP is also not as relevant here. You are enforcing security standards (and policies if you have them) via MDM.
Deploying a device management solution is the most effective way to ensure that users adhere to security standards in a bring your own device (BYOD) program. A device management solution allows the organization to enforce security policies, monitor compliance, and remotely manage and secure devices that are used to access organizational resources. This ensures that devices conform to security standards and reduces the risk of security incidents associated with BYOD.
Implementing a device management solution allows the organization to enforce security standards on the devices that connect to the corporate network. This can include features such as device authentication, encryption, remote wiping capabilities, and other security controls. By deploying a device management solution, the organization can have better control over the security posture of devices used in the BYOD program.
While publishing standards on the intranet (option A) and establishing an acceptable use policy (option C) are important communication measures, they may not guarantee adherence. Monitoring user activities on the network (option D) is reactive and may not proactively enforce security standards. A device management solution provides a more proactive and effective means of ensuring adherence to security standards for BYOD.
It is very straightforward. To make a user adhere to a standard, there must be an acceptable use policy which they are supposed to abide by. The policies can be imported into a device management solution as a technical control to ensure the policy is enforced; thus answer C should be appropriate and should already include option B.
C. Establish an acceptable use policy.
An acceptable use policy (AUP) outlines the rules and guidelines that users must follow when using their own devices for work purposes. It sets clear expectations regarding security practices, data protection, and acceptable behaviors. Users are required to read, understand, and agree to the AUP before they are granted access to company resources with their personal devices.