Exam CISM topic 1 question 56 discussion

why not D The current MDM is good enough to verify the security gaps with devices & OS version they are running. Security manager can simply use these fools. The actual challenge is to get usersSign Up their personal devices for corporate work where they can't claim privacy

Inconsistent device security

In a BYOD environment, users bring their own devices, which may vary widely in terms of security features, configurations, and patch levels. Managing the security of diverse devices, each with its own security posture, presents a significant challenge. Inconsistent device security can lead to vulnerabilities and increase the risk of unauthorized access or data breaches. While options like configuration management (option A), mobile application control (option B), and end-user acceptance (option D) are also important considerations in a BYOD program, addressing the inconsistency in device security is critical for maintaining a secure and resilient mobile environment.

Answer is C. The "inconsistent device security" is one of the biggest challenge for BYOD programme.

C. Inconsistent device security

n a BYOD program, employees use their personal mobile devices to access enterprise resources, such as email, corporate applications, and data. These devices may not be under the direct control of the enterprise, and therefore, they may not adhere to the same security standards and configurations as company-owned devices.

I was leaning towards C, but I said D mainly because some end users may not want to use their personal cellphones for privacy reasons. Getting every end user to say "yes" may pose be a bit of a problem because they are afraid that the organization may be monitoring everything they do with their cellphones.

correct

C imho

It was a tough one between B and C. I went with C because it is more all encompassing of security concerns; not just applications.

B. Mobile application control