Within a large organization, the corporate security policy states that personal electronic devices
are not allowed to be placed on the company network. There is considerable pressure from the
company board to allow smartphones to connect and synchronize email and calendar items of
board members and company executives. Which of the following options BEST balances the
security and usability requirements of the executive management team?
A.
Allow only the executive management team the ability to use personal devices on the company
network, as they have important responsibilities and need convenient access.
B.
Review the security policy. Perform a risk evaluation of allowing devices that can be centrally
managed, remotely disabled, and have device-level encryption of sensitive data.
C.
Stand firm on disallowing non-company assets from connecting to the network as the assets
may lead to undesirable security consequences, such as sensitive emails being leaked outside the
company.
D.
Allow only certain devices that are known to have the ability of being centrally managed. Do not
allow any other smartphones until the device is proven to be centrally managed.