The chief Risk officer is concerned about the new employee BYOD device policy and has requested the security department implement mobile security controls to
protect corporate data in the event that a device is lost or stolen. The level of protection must not be compromised even if the communication SIM is removed from
the device. Which of the following BEST meets the requirements? (Select TWO)
A.
Asset tracking
B.
Screen-locks
C.
GEO-Tracking
D.
Device encryption
Explanation:
A: Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user.
D: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be
stolen.
Incorrect Answers:
B: Screen-lock is a security feature that requires the user to enter a password after a short period of inactivity before they can access the system again. This
feature ensures that if your device is left unattended or is lost or stolen, it will be difficult for anyone else to access your data or applications.
C: GEO tracking and GPS tracking can be used to identify its location of a stolen device and can allow authorities to recover the device. However, for GPS tracking
to work, the device must have an Internet connection or a wireless phone service over which to send its location information.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 236, 237, 238
In short, we have to provide a mitigation for two possibilities
1) Device is lost
2) Device is stolen
In addition to the above, there is one further criteria, namely:
3) The level of protection must not be compromised even if the communication SIM is removed from the device.
We have to select two BEST options.
In here, we are only been given one answer (A), which to my mind is wrong.
If the device is reported as LOST or STOLEN, Asset Tracking would be of very little effect.
For example:
• If no screen lock or device encryption is in place, the device would still be insecure whether it is with the rightful owner or not. In this situation, none of the criteria is met
• And who is going to keep monitoring the phones? A phone could be lost or stolen anywhere at any time, 24/7. What am I supposed to do….keep asking the owners of every devices every hour if they still have it?? It would be much better for the owner of the device to raise the alarm and report the issue as soon as the device is identified as lost/stolen which depending in the person could be hours or even days, by which time it would be too late to do anything about it in terms of data protection.
• And if the phone is lost and stolen, how will “asset tracking” help? Unless it reports…”oh, by the way, you lost your phone at home under the sofa, or it was stolen by Joe Blog who lives in 100 High Street!”
WRON ANSWERS:
A.Asset tracking- Asset tracking is the process of maintaining oversight over inventory, and ensuring that a device is still in the possession of the assigned authorized user. If the device is reported as lost or stolen, clearly the device is not still in the possession of the assigned authorized user, and data would have been compromised by the time the alarm is raised.
C- GEO-Tracking will not provide immediate help if the device is stolen, and it may give hackers plenty of time to hack the device before it is found. In addition, this can be disabled by the hacker as follows:
• Anyone with access to the phone, which could be anyone should the phone not be screen-locked and /or
• By removing the SIM card
So the only possible answers are: B- Screen-locks and D- Device encryption
0
0