Understanding Mobile Device Risks in an Organization:
When an organization allows third parties (vendors and visitors) to use outside smart devices to
access its proprietary networks and systems, it introduces significant compliance risks.
These risks include violations of regulatory requirements, industry standards, and internal security
policies.
Compliance Risks in Smart Device Usage:
Unauthorized Access: External users may bypass security controls, leading to data breaches or
regulatory non-compliance (e.g., GDPR, HIPAA, or PCI-DSS violations).
Lack of Encryption and Data Protection: If smart devices access sensitive information without proper
security protocols, the organization may fail to comply with industry regulations.
Failure to Enforce Mobile Device Management (MDM): Without proper policy enforcement,
organizations risk failing audits and facing penalties.
Why Other Options Are Incorrect:
B . Privacy:
Privacy concerns relate to handling personal data, but in this scenario, the focus is on third-party
access risks, which fall under compliance.
C . Strategic:
Strategic risks relate to long-term business objectives, whereas compliance risks are more immediate
and regulatory in nature.
D . Physical security:
Physical security deals with preventing unauthorized access to buildings or devices, not cybersecurity
risks from external smart devices.
IIA’s Perspective on Compliance and IT Security:
IIA Standard 2110 – Governance emphasizes the need to evaluate IT security risks, including third-
party access risks.
IIA GTAG (Global Technology Audit Guide) on IT Risks highlights compliance risks in Bring Your Own
Device (BYOD) and third-party access policies.
ISO 27001 Information Security Standard mandates controls to manage external device access risks.
IIA Reference:
IIA Standard 2110 – Governance and IT Security
IIA GTAG – IT Risks and BYOD Policies
ISO 27001 Information Security Standard
NIST Cybersecurity Framework for Mobile Device Security
Thus, the correct and verified answer is A. Compliance.
