A Chief Security Officer (CSO) is concerned about the amount of PII stored locally on salespersons' laptops. Which recommendation would BEST address the CSO's concern?

Implementing managed full disk encryption (FDE) is a highly effective measure for addressing the concerns of a Chief Security Officer (CSO) regarding the protection of personally identifiable information (PII) stored locally on salespersons' laptops. Managed FDE encrypts the entire hard drive, ensuring that all data, including PII, stored on the laptop is protected from unauthorized access, particularly in the event of loss or theft.

When employing managed FDE, the encryption keys can be stored and managed centrally, making it easier for the organization to maintain control over access to sensitive data. This centralized management allows for policies to be enforced, ensuring that only authorized personnel have the ability to access the decryption keys, thereby enhancing the overall security posture of the organization.

This approach provides a strong layer of protection because, without the decryption key, even if the hard drive is removed from the laptop, the data remains inaccessible to anyone who does not have the proper authorization. This is particularly important for devices like laptops that are prone to being lost or stolen, thus guarding against data breaches that could result from such incidents.

The other options, although beneficial in different contexts, do not directly provide the same level of data protection as managed FDE. For example, Mobile