CGEIT Certified in the Governance of Enterprise IT – Question313

IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:

A.
audit findings.
B. user access approval procedures.
C. a risk and benefit evaluation.
D. the impact to security.

Correct Answer: C