Certified in the Governance of Enterprise IT (CGEIT) — Question 221

Which of the following should be the MAIN governance focus when implementing a newly approved bring your own device (BYOD) policy?

Answer options

• A. Recommending mobile applications that will increase business productivity
• B. Training employees on the enterprise's chosen mobile device management (MDM) system
• C. Educating employees on the increased IT security risk to the enterprise
• D. Understanding knowledge gaps of IT employees to support different mobile platforms

Correct answer: C

Explanation

The correct answer is C because it is crucial to inform employees about the increased IT security risks associated with BYOD, as this directly impacts the organization's security posture. While training on the MDM system (B) and recommending productivity apps (A) are important, they do not address the overarching security concerns. Understanding IT knowledge gaps (D) is beneficial but does not take precedence over educating employees on security risks.