A company has created a policy to allow employees to use their personally owned devices.
The Chief Information Security Officer (CISO) is getting reports of company data appearing on unapproved forums and an increase in theft of personal electronic devices.
Which of the following security controls would BEST reduce the risk of exposure?
Click on the arrows to vote for the correct answer
A. B. C. D.A.
The company allowing employees to use their personally owned devices is known as Bring Your Own Device (BYOD) policy. BYOD introduces significant security risks, and the company needs to implement appropriate security controls to reduce these risks.
The reports of company data appearing on unapproved forums indicate that data leakage is occurring, and the increase in theft of personal electronic devices indicates that there is a risk of data loss. Therefore, the security control that would best reduce the risk of exposure should address both data leakage and data loss.
A. Disk encryption on the local drive: This control will protect the data stored on the hard drive if the device is stolen. However, it does not address the issue of data leakage.
B. Group policy to enforce failed login lockout: This control can help prevent unauthorized access to the device. However, it does not address the issue of data leakage or data loss.
C. Multifactor authentication: This control can help prevent unauthorized access to the device and can also help prevent data leakage by requiring additional authentication steps to access sensitive data. However, it does not address the issue of data loss if the device is stolen.
D. Implementation of email digital signatures: This control can help prevent data leakage by ensuring that email messages are authentic and have not been altered. However, it does not address the issue of data loss.
Out of these options, multifactor authentication (C) would be the best control to reduce the risk of exposure. Multifactor authentication can help prevent unauthorized access to the device and can also help prevent data leakage by requiring additional authentication steps to access sensitive data. While it does not address the issue of data loss if the device is stolen, it is the most comprehensive control among the given options in terms of addressing the risks associated with BYOD policy.