IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:
A. audit findings.
B. user access approval procedures.
C. a risk and benefit evaluation.
D. the impact to security.
A. audit findings.
B. user access approval procedures.
C. a risk and benefit evaluation.
D. the impact to security.