The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?
A . Revise the corporate policy to include possible termination as a result of violations
B . Increase the frequency and distribution of the USB violations report
C . Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
D . Implement group policy objects
Answer: D
Leave a Reply