CISA Certified Information Systems Auditor – Question 1110

An employee uses a personal mobile device to access corporate data and email, but also allows friends to use it as a mobile hotspot for Internet access when not at work. The information security manager is concerned this situation may expose confidential data. The manager’s FIRST step should be to:

A. update the mobile device usage standards to address the issue and communicate to all employees
B. activate the incident response plan to mitigate the impact and stop the compromise
C. review the associated risks to determine if additional controls are needed
D. implement additional security controls that will mitigate the situation and then reassess risks

Correct Answer: A