CISA Exam Question: IS Audit Concerns for Allowing Employee Use of Personal Mobile Devices for Corporate Email

Greatest IS Audit Concern

Question

An organization allows employee use of personal mobile devices for corporate email.

Which of the following should be the GREATEST IS audit concern?

Answers

Explanations

A. B. C. D.

B.

The use of personal mobile devices for corporate email poses several potential security and compliance risks that an IS auditor should be concerned about. Among the four options provided, the greatest IS audit concern is likely to be the absence of a corporate policy for the acceptable use of private devices (Option B).

Here's why:

A. Email forwarding to private devices requires excessive network bandwidth: While this could be a concern, it is more of an IT infrastructure or network management issue than a security or compliance issue. It could be addressed by optimizing network bandwidth or by setting up email forwarding rules that minimize the impact on network resources.

B. There is no corporate policy for the acceptable use of private devices: This is a significant concern as it means that employees are not aware of the acceptable use of their personal devices for corporate email. This could lead to several security and compliance risks such as the unauthorized disclosure of confidential information, malware infections, and non-compliance with regulatory requirements. An IS auditor should recommend that the organization develop and implement a comprehensive policy that defines the acceptable use of personal devices for corporate email and provides clear guidelines for employees to follow.

C. There is no adequate tracking of the working time spent out-of-hours: While this is a concern from a labor law or employee rights perspective, it is not necessarily a security or compliance issue that requires the attention of an IS auditor. However, an IS auditor could recommend that the organization implement time tracking measures to ensure that employees are not overworked or burnt out, which could impact their productivity and the organization's overall performance.

D. The help desk is not able to fully support different kinds of private devices: This is a concern from a user support perspective, but it is not necessarily a security or compliance issue. However, an IS auditor could recommend that the organization provide adequate training and resources to the help desk staff to enable them to support different kinds of devices and resolve issues related to personal devices used for corporate email.

In summary, the absence of a corporate policy for the acceptable use of personal devices for corporate email poses the greatest security and compliance risk, and an IS auditor should recommend that the organization develop and implement such a policy.