A large number of exceptions to an organization's information security standards have been granted after senior management approved a bring your own device (BYOD) program. To address this situation, it is MOST important for the information security manager to:

A. introduce strong authentication on devices.
B. reject new exception requests.
C. update the information security policy.
D. require authorization to wipe lost devices.