Accessing Corporate Documents from Non-compliant Mobile Devices: Information Security Manager's Approach | CISA Exam Preparation


Question

A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy.

The information security manager should FIRST:

Answers

A. Evaluate the business risk.
B. Evaluate a third-party solution.
C. Initiate an exception approval process.
D. Deploy additional security controls.

Explanations

Correct answer: A.

When a CEO requests access to corporate documents from a mobile device that does not comply with organizational policy, the information security manager should take several steps to protect corporate information. The FIRST step is to evaluate the business risk.

Answer A: Evaluate the Business Risk

The information security manager should start by evaluating the business risk associated with granting access to the CEO from the mobile device that does not comply with organizational policy. This evaluation involves determining the sensitivity of the information requested and the potential harm that could be caused if the information is compromised. If the information is deemed too sensitive, it may not be appropriate to grant access.

Answer B: Evaluate a Third-Party Solution

If the information security manager determines that granting the CEO access from the non-compliant device is necessary, he or she should then evaluate a third-party solution. The solution should provide adequate security to ensure that the information is not compromised, and it should be assessed against the organization's security requirements before it is adopted.

Answer C: Initiate an Exception Approval Process

If the information security manager determines that it is appropriate to grant the CEO access from the non-compliant device, he or she should initiate an exception approval process. This process involves obtaining approval from senior management or the board of directors to grant access. The approval should be based on an evaluation of the risks and benefits of granting access and should confirm that appropriate security measures are in place.

Answer D: Deploy Additional Security Controls

Finally, if access is to be granted from the non-compliant device, the information security manager should deploy additional security controls to ensure that the information is not compromised. Examples of such controls include encryption, two-factor authentication, and remote wipe capabilities.

In summary, when a CEO requests access to corporate documents from a mobile device that does not comply with organizational policy, the information security manager should FIRST evaluate the business risk. Once the risk has been evaluated, the information security manager should determine whether it is appropriate to grant access and, if so, evaluate a third-party solution, initiate an exception approval process, and deploy additional security controls.