What should be an IS auditor's GREATEST concern when an organization's virtual private network (VPN) is implemented on employees' personal mobile devices?
When employees use personal mobile devices to access a VPN, the greatest concern for an IS auditor is the potential for sensitive data to be stored in an unsecured manner. If data is stored in plain text, it could be easily accessed by unauthorized parties if the device is lost, stolen, or compromised. This risk is heightened when the devices are not managed by the organization's IT department, which would typically enforce security policies such as encryption.
Currently there are no comments in this discussion, be the first to comment!