A large number of exceptions to an organization’s information security standards have been granted after senior management approved a bring your own device (BYOD) program. To address this situation, it is MOST important for the information security manage to:

A. introduce strong authentication on devices
B. reject new exception requests
C. require authorization to wipe lost devices
D. update the information security policy