An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business.
Although the committee appreciates the business benefits, it is also concerned with the security risk.
To deliver the business benefit, the committee's FIRST recommendation should be to:
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The IT strategy committee has received an audit report that indicates sales employees are using personal smartphones to conduct corporate business. While the committee appreciates the business benefits of using personal devices, they are also concerned about the security risk associated with it.
The question is asking for the committee's first recommendation to deliver business benefits while addressing the security risk.
Option A suggests updating the corporate security policy to include personal devices. This recommendation would help to clarify the company's policy regarding personal devices, which would help employees understand what is and is not acceptable behavior. This recommendation would be a good first step for the committee to take.
Option B suggests documenting procedures for securing personal devices. This recommendation would provide employees with guidelines on how to secure their personal devices when used for corporate business. While this recommendation is helpful, it may be premature without first updating the corporate security policy to include personal devices.
Option C suggests improving training courses on securing corporate information. This recommendation would help employees understand the importance of securing corporate information and how to do so properly. However, it may not address the specific issue of using personal devices for corporate business.
Option D suggests performing a risk assessment on personal device data protection. This recommendation would provide the committee with a better understanding of the risks associated with personal devices and would be an important step to take. However, it may not provide immediate business benefits.
In conclusion, Option A, updating the corporate security policy to include personal devices, would be the committee's FIRST recommendation to deliver business benefits while addressing the security risk. This recommendation would help to clarify the company's policy regarding personal devices, which would help employees understand what is and is not acceptable behavior. Once this policy is in place, the committee could move forward with other recommendations to address the security risks associated with personal devices.