A security manager at Company ABC, needs to perform a risk assessment of a new mobile device
which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the
company. The product is commercially available, runs a popular mobile operating system, and can
connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the
upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers
but experts estimate that over 73 million of the devices have been sold worldwide. Which of the
following is the BEST list of factors the security manager should consider while performing a risk
assessment?
A.
Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the
track record of the vendor in publicizing and correcting security flaws in their products; predicted
costs associated with maintaining, integrating and securing the devices.
B.
Ability to remotely administer the devices, apply security controls remotely, and remove the
SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs
associated with securing the devices.
C.
Ability to remotely monitor the devices, remove security controls remotely, and decrypt the
SSD; the track record of the vendor in publicizing and preventing security flaws in their products;
predicted costs associated with maintaining, destroying and tracking the devices.
D.
Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the
track record of the vendor in adapting the open source operating system to their platform;
predicted costs associated with inventory management, maintaining, integrating and securing the
devices.