Which of the following is included in a BYOD policy?
a. Key management
b. Data ownership
c. Credential management
d. Transitive trusts
Answer: B
When formulating a bring-your-own-device (BYOD) policy, the organization should clearly state who owns the data stored on the device, specifically addressing what data belongs to the organization. Answer A is incorrect because key management is intended to provide a single point of management for keys, enable users to manage the lifecycle of keys and to store them securely, and make key distribution easier. Answer C is incorrect because the use of credentials is to validate the identities of users, applications, and devices. Answer D is incorrect because transitive trusts enable decentralized authentication through trusted agents.