Isaca Certified Information Systems Auditor CISA Question # 433 Topic 44 Discussion
During audit fieldwork, an IS auditor learns that employees are allowed to connect their personal devices to company-owned computers. How can the auditor BEST validate that appropriate security controls are in place to prevent data loss?
A. Conduct a walk-through to view results of an employee plugging in a device to transfer confidential data.
B. Review compliance with data loss and applicable mobile device user acceptance policies.
C. Verify the data loss prevention (DLP) tool is properly configured by the organization.
D. Verify employees have received appropriate mobile device security awareness training.
The best way to validate that appropriate security controls are in place to prevent data loss is to review compliance with data loss and applicable mobile device user acceptance policies. This will ensure that the organization has established clear rules and guidelines for employees to follow when connecting their personal devices to company-owned computers. A walk-through, a DLP tool configuration check, and security awareness training are not sufficient to validate the effectiveness of the controls, as they may not cover all possible scenarios and risks.
References: IT Audit Fundamentals Certificate Resources