Exam CISA
Question 238

An organization allows employees to use personally owned mobile devices to access customers' personal information. Which of the following is MOST important for an IS auditor to verify?

    Correct Answer: D

    When employees are allowed to use personally owned mobile devices to access customers' personal information, the priority must be to ensure that the information is secure and protected from unauthorized access. Implementing mobile device security policies is the most important action an organization can take to safeguard sensitive data. These policies can address various aspects such as encryption, password management, remote wipe capabilities, and other security measures that are crucial for maintaining data integrity and confidentiality. This is more critical than simply having employees sign an acceptable use policy or checking device compatibility and storage capabilities.

Discussion
007Georgeo (Option: D)

Allowing employees to use personally owned mobile devices to access customers' personal information can increase the risk of unauthorized access or disclosure of the information. Therefore, it is critical that the organization implements appropriate security policies and controls to protect the information.

[Removed] (Option: A)

An employee BYOD agreement or acceptable use agreement (AUA) should require the employee to agree with the items in the policy before the device can be used for business purposes. Since it's a personal device and not a company mobile device, enforcing security policies might not be possible.

Rachy

This is apt… thinking about personal experience, I only signed an acceptable use agreement and now aware of any security policy

MunaM (Option: D)

Seems the answer is D.

2022cisa (Option: D)

Yes, even I think it should be D.

swmasinde (Option: D)

Also think D is the answer.

analuisamoreira (Option: D)

D makes more sense for me.

caanas (Option: D)

Acceptable usage policy is a part of Information security policy. If security policy is implemented, it takes care of option "A". Hence my answer will be "D".

blues_lee (Option: D)

D. Mobile device security policies have been implemented

3008 (Option: D)

D is correct.

3008 (Option: A)

A is correct.