
CISA Exam - Question 116


An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Which of the following recommendations would BEST help to reduce the risk of data leakage?

Correct Answer: D

Providing education and guidelines to employees on the use of social networking sites is the best recommendation to reduce the risk of data leakage. This approach raises awareness about the potential risks and teaches employees how to avoid actions that could lead to data breaches. While policies, NDAs, and access controls are important, they do not directly address the everyday interactions employees have on social media. Educating employees ensures they are knowledgeable about safe practices, which directly reduces the risk of data leakage when using these platforms.

Discussion

AB1237 Option: A
Aug 31, 2023

A. Requiring policy acknowledgment and nondisclosure agreements (NDAs) signed by employees. The best recommendation to reduce the risk of data leakage in this scenario is to require policy acknowledgment and nondisclosure agreements (NDAs) signed by employees. By doing so, the company sets clear expectations for how social networking sites should be used for business purposes, and it emphasizes the importance of maintaining the confidentiality of sensitive information. Employees who sign NDAs are legally bound not to disclose confidential information, which helps mitigate the risk of data leakage.

3008
Dec 11, 2023

Requiring policy acknowledgment and nondisclosure agreements signed by employees: This recommendation would help to ensure that employees are aware of their obligations regarding the handling of confidential data. However, it does not address the risk of data leakage through the use of social networking sites.

3008 Option: D
Oct 26, 2023

D is the answer.

3008
Dec 11, 2023

The best recommendation to reduce the risk of data leakage would be to provide education and guidelines to employees on the use of social networking sites. This recommendation would help to raise awareness of the risks and provide guidance on safe practices. Additionally, it is important to establish policies and procedures that clearly define what is expected of employees when using social networking sites for business purposes. By providing clear guidance and educating employees, the risk of data leakage can be reduced.

SL9413
Feb 14, 2023

Can somebody clarify why it would not be C please?

007Georgeo
May 18, 2023

For C: it is a crucial security measure, but it does not specifically address the risk of data leakage through social networking sites. Access controls are essential, but they need to be complemented with guidelines and education on social networking practices to adequately address the identified risk.

Davibless
Jul 18, 2024

Also thought of C. My reasoning is, strong access controls ensure that only authorized personnel have access to confidential data, which mitigates the risk of unauthorized disclosure or leakage through social networking platforms. It ensures that even if employees use these platforms, access to sensitive data remains tightly controlled and secure.

Gingingin Option: A
Jun 30, 2023

Why not A? Signing NDAs makes employees more responsible about the data.

fori12 Option: D
Apr 4, 2024

Users may access these services through other means such as mobile phones and home computers; therefore, awareness training is most critical, so the best choice will be D.

Swallows Option: D
Apr 7, 2024

Education and guidelines can help employees understand the benefits and risks of using social media for business purposes, such as increasing brand awareness, engaging with customers, and sharing industry insights.