Certified in the Governance of Enterprise IT (CGEIT) — Question 205
IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:
Answer options
- A. audit findings.
- B. user access approval procedures.
- C. a risk and benefit evaluation.
- D. the impact to security.
Correct answer: C
Explanation
The correct answer, C, emphasizes the need to weigh the risks against the benefits of allowing personal equipment for work. Options A and B focus on specific processes that are important but do not directly address the balance of risk and productivity. Option D, while relevant, does not encompass the broader evaluation necessary to make an informed policy change.