A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy.
The information security manager should FIRST:
A . evaluate the business risk
B . evaluate a third-party solution
C . initiate an exception approval process
D . deploy additional security controls
Answer: A