The correct answer isBbecause findingsensitive data on discarded devicesis the clearest indication that the IT asset life cycle is poorly managed. This points to failure in end-of-life handling, media sanitization, disposal controls, ownership accountability, and policy enforcement. It is a direct indicator of life cycle control breakdown with significant security and compliance consequences.
The other options are less conclusive:
A. Increased hardware maintenance costsmay indicate inefficiency, but not necessarily poor life cycle control.
C. Lack of asset labelingis a weakness, but less severe and less direct than improper disposal of sensitive data.
D. Inadequate employee trainingmay contribute to problems, but it is not the strongest indicator by itself.
Exact Extracts supporting the answer:
“When data are no longer needed by a particular process they should be handled according to policy.”
“Information that is no longer required to support the main purpose of the enterprise from an information security perspective should be managed under the retention policy.”
“The data security control that BEST protects the confidentiality of data stored on backup media in transit to a third-party storage facility is encryption.”
“The BEST safeguard against a data breach is security awareness training.”
These extracts support that assets and the data on them must be handled according to policy throughout the life cycle, especially when no longer needed. Sensitive data remaining on discarded devices is therefore the strongest indication of poor asset life cycle management.
===========
