An administrator is trying to develop a BYOD security policy for employees that are bringing a wide range of devices to connect to the company network. Which three objectives must the BYOD security policy address? (Choose three.)

When developing a Bring Your Own Device (BYOD) security policy, the primary objectives are to ensure the security of the corporate network while allowing employees the flexibility to use their personal devices. Here are three objectives that such a policy must address:

1. The level of access of employees when connecting to the corporate network must be defined: It’s crucial to specify what resources each user can access when they connect their personal device to the corporate network. This helps to maintain security by ensuring that employees can only reach the necessary data and systems for their roles.
2. Rights and activities permitted on the corporate network must be defined: The policy should clearly outline what employees can and cannot do on the corporate network. This includes acceptable use policies, prohibited activities, and potential restrictions on certain types of applications or services to mitigate security risks.
3. Safeguards must be put in place for any personal device being compromised: The policy must address the steps to be taken to protect corporate data in case an employee’s personal device is lost, stolen, or compromised. This often includes requirements for encryption, remote wiping capabilities, and strong authentication measures.

The other options listed are not typical or recommended objectives of a BYOD security policy:

• All devices must have open authentication with the corporate network: This would be a significant security risk. Instead, strong authentication should be enforced.
• All devices should be allowed to attach to the corporate network flawlessly: While ease of connectivity is important, it should not override security considerations. Devices should meet certain security standards before being allowed to connect.
• All devices must be insured against liability if used to compromise the corporate network: While it is important to consider the implications of a compromised device, requiring insurance is not a practical or enforceable policy for individual employee-owned devices. Instead, the focus should be on prevention, detection, and response to security incidents.