The personal laptop of an organization executive is stolen from the office, complete with personnel and project records. Which of the following should be done FIRST to mitigate future occurrences?
A. Encrypt disks on personal laptops.
B. Issue cable locks for use on personal laptops.
C. Create policies addressing critical information on personal laptops.
D. Monitor personal laptops for critical information.
The first step to mitigate future occurrences of personal laptops being stolen from the office with critical information is to create policies addressing this issue. Policies are high-level statements that define the goals and objectives of an organization and provide guidance for decision making. Policies can specify the roles and responsibilities of the users, the acceptable use of personal laptops, the security controls and requirements for protecting critical information, the reporting and response procedures in case of theft or loss, and the sanctions for non-compliance.

The other options are possible actions to implement the policies, but they are not the first step. Encrypting disks, issuing cable locks, and monitoring personal laptops are examples of technical, physical, and administrative controls, respectively, that can help prevent or detect unauthorized access to critical information on personal laptops.

References: Official (ISC)2 CISSP CBK Reference, Fifth Edition, Domain 1: Security and Risk Management, p. 51-52; CISSP All-in-One Exam Guide, Eighth Edition, Chapter 1: Security and Risk Management, p. 29-30.