An IS auditor has been asked to perform an assurance review of an organization's mobile computing security. To ensure the organization is able to centrally manage mobile devices to protect against data disclosure, it is MOST important for the auditor to determine whether:
For ensuring the organization is able to centrally manage mobile devices to protect against data disclosure, it is most important to have procedures in place that include the ability to remotely wipe data from lost devices. This capability addresses the immediate risk associated with a lost or stolen device by ensuring that sensitive data can be erased, thereby protecting it from unauthorized access. While having a security policy is important for guiding and defining the overall security measures, the specific procedure to remotely wipe data is the most critical aspect in the context of preventing data disclosure.
As per me D is right bcos Policy should be first of all there in place to centrally manage mobile computing security.
I think answer should be B
While procedures for lost devices that include remote wiping of data (option B) are important for mitigating risks associated with lost or stolen devices, having a security policy in place provides the overarching framework and guidance for implementing such procedures effectively.
Answer: D A comprehensive security policy outlines the organization's requirements, controls, and procedures for managing mobile devices securely.
b. Procedure for data wiping
I believe B should be the answer