Which of the following is MOST important for an IS auditor to verify when reviewing an organization`s information security practices following the adoption of a bring your own device (BYOD) program? 

Answer options:

A. Only applications approved by information security may be installed on devices.
B. The expected benefits of adopting the BYOD program have been realized.
C. Security policies have been updated to include BYOD.D. Remote wipe is enabled for devices allowed by BYOD.

C