The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related
incidents at the organization and comparing them to current industry trends. The desktop security engineer
feels that the use of USB storage devices on office computers has contributed to the frequency of security
incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user
receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations
on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST
effectively mitigate the logical risks associated with the use of USB storage devices?
A.
Revise the corporate policy to include possible termination as a result of violations
B.
Increase the frequency and distribution of the USB violations report
C.
Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
D.
Implement group policy objects