During a recent user awareness and training session, a new staff member asks the Chief
Information Security Officer (CISO) why the company does not allow personally owned devices
into the company facilities. Which of the following represents how the CISO should respond?

A.
Company A views personally owned devices as creating an unacceptable risk to the
organizational IT systems.

B.
Company A has begun to see zero-day attacks against personally owned devices disconnected
from the network.

C.
Company A believes that staff members should be focused on their work while in the
company’s facilities.

D.
Company A has seen social engineering attacks against personally owned devices and does
not allow their use.