Valid IIA-CIA-Part3 Dumps shared by EduDump.com for Helping Passing IIA-CIA-Part3 Exam! EduDump.com now offer the newest IIA-CIA-Part3 exam dumps, the EduDump.com IIA-CIA-Part3 exam questions have been updated and answers have been corrected get the newest EduDump.com IIA-CIA-Part3 dumps with Test Engine here:
What security feature would Identity a legitimate employee using her own smart device to gam access to an application run by the organization?
Correct Answer: B
To ensure security when employees use their own smart devices to access organizational applications, the best approach is to allow only pre-approved devices that meet the organization's security standards. * Device Security & Compliance: Approved devices are verified for security measures like encryption, mobile device management (MDM), and antivirus protection. * Risk Management: Restricting access to pre-approved devices reduces the risk of malware, unauthorized access, and vulnerabilities. * IT Control & Monitoring: IT can enforce security updates, compliance policies, and access control mechanisms on pre-approved devices. * Option A (Using a jailbroken or rooted smart device feature): Jailbroken or rooted devices remove security protections and create severe security vulnerabilities. * Option C (Obtaining written assurance from the employee that security policies and procedures are followed): Written assurances alone are not a security measure; technical controls must be enforced. * Option D (Introducing a security question known only by the employee): Security questions are weak authentication measures and do not verify the legitimacy of a device. * IIA's GTAG on Information Security Management stresses the importance of device security and requiring IT-approved devices. * NIST Special Publication 800-124 (referenced in IIA's IT Audit Guidance) highlights best practices for securing mobile devices in an enterprise setting, recommending pre-approved devices. Why Option B is Correct:Why Other Options Are Incorrect:IIA References:Thus, the most appropriate answer is B. Using only smart devices previously approved by the organization.