Exam CISM topic 1 question 377 discussion

BYOD refers to a policy that allows employees to use their personal devices to access corporate resources, such as email, files, and applications. This can increase productivity and reduce costs, but it also introduces significant security risks. Therefore, it is essential for the information security manager to ensure that appropriate security controls are in place to protect the organization's data and systems. One of the most important security controls for BYOD is to apply security controls to each device when joining the network. This can include requirements for strong passwords, encryption of data in transit and at rest, and installation of security software such as mobile device management (MDM) software. By applying these security controls, the information security manager can help to ensure that the devices accessing the organization's resources are secure and that the organization's data is protected.

When considering the adoption of bring your own device (BYOD), the information security manager needs to ensure that security risks are well understood and mitigated. Therefore, the most important consideration is that business leaders have an understanding of security risks.

Please pay attention to keywords: Considering whether. It means decision is not taken yet, so what do we need to do? Make sure leaders understand the risk before we decide

D -The business owners must understand a risk exists whether controls are implemented or not. Once they accept this you can set about your mitigation efforts.

Answer should be B, refer to the question 163 in the review manual V10. similar question as the official study guide

D. business leaders have an understanding of security risks

Business leaders needs to understand the risk

the answer is D. You have to know the risk involved with the activity

Business leaders can have the understanding of the risk but if users do not read and sign the acceptable agreement, the greater risk is still there. I choose C