CGEIT Question #200: Real Exam Question with Answer & Explanation
The correct answer is B: Improve training courses on securing corporate information.
Question
An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, what should be the committee's FIRST recommendation?
Options
- A. Document procedures for securing personal devices.
- B. Improve training courses on securing corporate information.
- C. Perform a risk assessment on personal device data protection.
- D. Update the corporate security policy to include personal devices.
Explanation
To address the security risks of employees using personal devices for corporate business while maintaining business benefits, the committee should prioritize mitigating human-related security risks.
Common mistakes
- A. Documenting procedures is important, but without prior training, employees may not understand or follow them effectively, making it a secondary step to immediate risk mitigation.
- C. Performing a risk assessment is a foundational step for understanding risks, but it doesn't immediately mitigate the ongoing security risk from current user behavior.
- D. Updating the corporate security policy is essential for formalizing rules, but without training, it may not immediately change employee behavior or secure existing usage effectively.
Concept tested: Mitigating insider security risks
Reference: https://learn.microsoft.com/en-us/compliance/regulatory/gdpr-data-protection-training