Best Security Controls for Personally Owned Devices in a Company

A.

The company allowing employees to use their personally owned devices is known as Bring Your Own Device (BYOD) policy. BYOD introduces significant security risks, and the company needs to implement appropriate security controls to reduce these risks.

The reports of company data appearing on unapproved forums indicate that data leakage is occurring, and the increase in theft of personal electronic devices indicates that there is a risk of data loss. Therefore, the security control that would best reduce the risk of exposure should address both data leakage and data loss.

A. Disk encryption on the local drive: This control will protect the data stored on the hard drive if the device is stolen. However, it does not address the issue of data leakage.

B. Group policy to enforce failed login lockout: This control can help prevent unauthorized access to the device. However, it does not address the issue of data leakage or data loss.

C. Multifactor authentication: This control can help prevent unauthorized access to the device and can also help prevent data leakage by requiring additional authentication steps to access sensitive data. However, it does not address the issue of data loss if the device is stolen.

D. Implementation of email digital signatures: This control can help prevent data leakage by ensuring that email messages are authentic and have not been altered. However, it does not address the issue of data loss.

Out of these options, multifactor authentication (C) would be the best control to reduce the risk of exposure. Multifactor authentication can help prevent unauthorized access to the device and can also help prevent data leakage by requiring additional authentication steps to access sensitive data. While it does not address the issue of data loss if the device is stolen, it is the most comprehensive control among the given options in terms of addressing the risks associated with BYOD policy.