The best recommendation for a risk practitioner when an employee lost a personal mobile device that may contain sensitive corporate information is to initiate a remote data wipe. A remote data wipe is a process of erasing the data stored on a device remotely, using a command sent over anetwork or a wireless connection. A remote data wipe can help to prevent the unauthorized access, use, disclosure, or theft of the sensitive corporate information, and to minimize the potential impact of the loss on the enterprise’s reputation, operations, and compliance. A remote data wipe can also help to comply with the data breach notification laws and regulations, and to reduce the legal liability and penalties. Conducting a risk analysis, invoking the incident response plan, and disabling the user account are not as immediate and effective as initiating a remote data wipe, as they do not address the primary risk of data exposure and loss. References = CRISC Review Manual, 6th Edition, ISACA, 2015, page 217.