CISA Certified Information Systems Auditor – Question0564

A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST:

A.
evaluate the business risk
B. evaluate a third-party solution
C. initiate an exception approval process
D. deploy additional security controls

Correct Answer: A