The true statement about removable media and portable electronic devices (PEDs) is that removable media pose more security risks than portable electronic devices and are often restricted or not permitted in government facilities due to these concerns.
Key Points:
- Removable media include items like USB flash drives, external hard drives, optical discs, and memory cards that can be readily inserted and removed from systems.
- These media present significant risks such as the introduction of malware, data theft, and compromise of system confidentiality, integrity, and availability.
- Because of these risks, many organizations, particularly government and military, severely restrict or prohibit the use of removable media to protect sensitive information.
- While PEDs (like smartphones, tablets, laptops) also have security risks, removable media generally pose a greater threat because of ease of unauthorized data transfer and malware introduction.
- Policies often require using only organization-approved removable media and following strict guidelines for security, encryption, and handling to mitigate risks.
Hence, the correct understanding is that removable media pose higher risks than PEDs, and their use is tightly controlled or disallowed in secure environments.