CISSP · Question #122
Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
The correct answer is B. Do not take unnecessary information, including sensitive information.. When traveling internationally with sensitive data, the best practice is to minimize the data you carry, reducing exposure risk if the device is lost, stolen, or compromised.
Question
Which of the following is a BEST practice when traveling internationally with laptops containing Personally Identifiable Information (PII)?
Options
- AUse a thumb drive to transfer information from a foreign computer.
- BDo not take unnecessary information, including sensitive information.
- CConnect the laptop only to well-known networks like the hotel or public Internet cafes.
- DRequest international points of contact help scan the laptop on arrival to ensure it is protected.
How the community answered
(35 responses)- A9% (3)
- B71% (25)
- C3% (1)
- D17% (6)
Why each option
When traveling internationally with sensitive data, the best practice is to minimize the data you carry, reducing exposure risk if the device is lost, stolen, or compromised.
Using a thumb drive on a foreign computer introduces significant malware and data exfiltration risks, as foreign systems may be compromised or intentionally set up to capture data from inserted media.
The principle of data minimization dictates that you should only carry information strictly necessary for the trip. Leaving unnecessary PII behind eliminates the risk of that data being exposed through device theft, border searches, or foreign surveillance, which is a foundational best practice in travel security policies from organizations like NIST and DHS.
Hotel Wi-Fi and public internet cafes are considered high-risk, untrusted networks that are frequent targets for man-in-the-middle attacks, making them unsuitable for handling PII.
Allowing foreign contacts or unknown parties to scan your laptop introduces a potential attack vector, as scanning tools or physical access could be used to install malware or exfiltrate data from the device.
Concept tested: Data minimization best practices for international travel
Source: https://www.cisa.gov/sites/default/files/publications/19_1009_cisa_international-travel-tips.pdf
Topics
Community Discussion
No community discussion yet for this question.