Which of the following bring-your-own-device (BYOD) practices is likely to increase the risk of Infringement on local regulations, such as copyright or privacy laws?
A.
Not installing anti-malware software
B.
Updating operating software in a haphazard manner,
C.
Applying a weak password for access to a mobile device.
Bring-your-own-device (BYOD) policies allow employees to use personal devices for work, but they introduce compliance risks.
Jailbreaking is the process of bypassing manufacturer-imposed security restrictions on a device (e.g., iPhones or Android devices).
This significantly increases the risk of privacy law violations, copyright infringements, and security breaches.
Why Option D is Correct?
Jailbreaking allows users to:
Install unauthorized software, which may violate software licensing agreements and copyright laws.
Remove security restrictions, increasing exposure to data breaches, malware, and non-compliance with privacy regulations (e.g., GDPR, HIPAA, or CCPA).
Bypass digital rights management (DRM), leading to potential copyright infringement issues.
IIA Standard 2110 – Governance mandates that internal auditors evaluate IT risks, including legal compliance related to mobile device usage.
ISO 27001 – Information Security Management also highlights the risks of unapproved software on enterprise devices.
Why Other Options Are Incorrect?
Option A (Not installing anti-malware software):
While a security risk, this primarily exposes devices to cyber threats rather than directly causing regulatory infringements.
Option B (Updating operating software in a haphazard manner):
Irregular updates pose security risks, but they do not directly violate copyright or privacy laws.
Option C (Applying a weak password):
Weak passwords increase security risks, but they do not inherently cause regulatory infringements like jailbreaking does.
Jailbreaking increases risks of copyright infringement (through unauthorized apps) and privacy violations (by removing security controls).
IIA Standard 2110 and ISO 27001 emphasize legal and regulatory compliance in IT security audits.
Final Justification:IIA References:
IPPF Standard 2110 – Governance (IT & Legal Compliance Risks)
ISO 27001 – Information Security Compliance
GDPR, HIPAA, and CCPA – Privacy Law Considerations for BYOD
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit