During audit fieldwork, an IS auditor learns that employees are allowed to connect their personal devices to company-owned computers. How can the auditor BEST validate that appropriate security controls are in place to prevent data loss?
The best way for an IS auditor to validate that appropriate security controls are in place to prevent data loss is to verify that the data loss prevention (DLP) tool is properly configured by the organization. DLP tools are specifically designed to monitor and protect data from leakage or unauthorized access, which directly addresses the concern of employees connecting personal devices to company systems. This ensures that even if personal devices are connected, measures are in place to prevent any potential data loss.
The auditor is not responsible for verifying or conducting the work; therefore, review is the answer here.
B. This option addresses the overall framework and guidelines for managing risks associated with personal device usage, making it the best choice for validating security controls.
The best answer is B. Review data loss and compliance with the applicable mobile device user acceptance policy. Reason: Option A only focuses on the configuration of DLP tools without considering employee behavior and policy compliance. Option C: while important, insufficient employee awareness training does not necessarily result in data being lost. Option D, while testing employee responses to data loss, does not fully verify the effectiveness of all security controls.
Answer: B
A for me