An IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes.
Which of the following recommendations would BEST help to reduce the risk of data leakage?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The IS auditor found that a company executive is encouraging employee use of social networking sites for business purposes. Social networking sites have the potential to create several risks, including data leakage. To reduce the risk of data leakage, the auditor should recommend measures that focus on controlling access to confidential data and educating employees about the risks of using social networking sites for business purposes.
Option A: Requiring policy acknowledgment and nondisclosure agreements signed by employees This recommendation would help to ensure that employees are aware of their obligations regarding the handling of confidential data. However, it does not address the risk of data leakage through the use of social networking sites.
Option B: Providing education and guidelines to employees on the use of social networking sites This recommendation would help to raise awareness of the risks associated with the use of social networking sites and provide guidance on safe practices. Employees may be more likely to follow guidelines if they understand the reasons behind them. However, it does not ensure that employees follow the guidelines.
Option C: Establishing strong access controls on confidential data This recommendation would help to prevent unauthorized access to confidential data. By limiting access to data, the risk of data leakage is reduced. However, it does not address the issue of employees using social networking sites for business purposes.
Option D: Monitoring employees' social networking usage This recommendation would help to detect inappropriate use of social networking sites and identify potential incidents of data leakage. However, it could also create a culture of mistrust, and employees may view this as an invasion of their privacy.
Therefore, the best recommendation to reduce the risk of data leakage would be to provide education and guidelines to employees on the use of social networking sites. This recommendation would help to raise awareness of the risks and provide guidance on safe practices. Additionally, it is important to establish policies and procedures that clearly define what is expected of employees when using social networking sites for business purposes. By providing clear guidance and educating employees, the risk of data leakage can be reduced.