A CEO requests access to corporate documents from a mobile device that does not comply with organizational policy. The information security manager should FIRST: 

Answer options:

A. evaluate a third-party solution.
B. deploy additional security controls.
C. evaluate the business risk.
D. initiate an exception approval process.

C