Several unattended laptops containing sensitive customer data were stolen from personnel offices. Which of the following would be an IS auditor's BEST recommendation to protect data in case of recurrence?
Several unattended laptops containing sensitive customer data were stolen from personnel offices. Which of the following would be an IS auditor's BEST recommendation to protect data in case of recurrence?
Encrypting the disk drive is the best recommendation to protect sensitive customer data in case of theft. Disk encryption ensures that the data remains inaccessible without the proper decryption key, thereby safeguarding the confidentiality of the information even if the laptops are stolen. Enhancing physical security or using cable locks can help prevent theft but do not protect the data if the laptops are stolen. Two-factor authentication is useful for access control but does not protect the data stored on the disk in the event of theft.
D. Encrypt the disk drive.
Encrypting the disk drive (option D) would be the best recommendation for an IS auditor to protect sensitive customer data in case of recurrence. Encrypting the disk drive ensures that even if the laptops are stolen, the data stored on them remains inaccessible without the encryption key. This adds an extra layer of security to protect the confidentiality of the information. While requiring the use of cable locks (option B) can prevent physical theft to some extent, it doesn't safeguard the data itself in case the theft does occur.