CISA Certified Information Systems Auditor – Question1658

Which of the following would MOST effectively control the usage of universal storage bus (USB) storage devices?

A.
Policies that require instant dismissal if such devices are found
B. Software for tracking and managing USB storage devices
C. Administratively disabling the USB port
D. Searching personnel for USB storage devices at the facility's entrance

Correct Answer: B

Explanation:

Explanation:
Software for centralized tracking and monitoring would allow a USB usage policy to be applied to each user based on changing business requirements, and would provide for monitoring and reporting exceptions to management. A policy requiring dismissal may result in increased employee attrition and business requirements would not be properly addressed. Disabling ports would be complex to manage and might not allow for new business needs. Searching of personnel for USB storage devices at the entrance to a facility is not a practical solution since these devices are small and could be easily hidden.