Partitioning the work environment from personal space on devices. This would best maintain information security without compromising employee privacy by creating a separate and secure area on the personal mobile devices for work-related data and applications. This way, the organization can protect its information from unauthorized access, loss, or leakage, while respecting the employees’ personal data and preferences on their own devices.
The other options are not as effective as option B in balancing information security and employee privacy. Option A, installing security software on the devices, is a good practice but may not be sufficient to prevent data breaches or comply with regulatory requirements. Option C, preventing users from adding applications, is too restrictive and may interfere with the employees’ personal use of their devices. Option D, restricting the use of devices for personal purposes during working hours, is impractical and difficult to enforce.
References:
ISACA, CISA Review Manual, 27th Edition, 2019
ISACA, CISA Review Questions, Answers & Explanations Database - 12 Month Subscription
Personal Cellphone Privacy at Work1
Protecting your personal information and privacy on a company phone2
Mobile Devices and Protected Health Information (PHI)3
Using your personal phone for work? Here’s how to separate yourapps and data4
9 Ways to Improve Mobile Security and Privacy in the Age of Remote Work5
