CISM Certified Information Security Manager – Question0433

A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST:

A.
evaluate a third-party solution.
B. deploy additional security controls.
C. evaluate the business risk.
D. initiate an exception approval process.

Correct Answer: C