When a CEO requires access to data on a mobile device, what approach should be taken for security?

In this scenario, the primary goal is to ensure that the CEO can access necessary data on a mobile device while minimizing the security risks associated with that access. Adopting a risk management strategy such as mitigating and transferring risk is appropriate.

Mitigating risk involves taking steps to reduce the potential impact or likelihood of threats. This can include using robust security measures such as security patches, firewalls, and antivirus software, which can strengthen the overall security posture. On the other hand, transferring risk refers to moving the risk exposure to another party, often through insurance or outsourcing certain functions to trusted third-party service providers. This dual approach allows organizations to balance the need for access to data with the protection necessary to manage threats effectively.

The other options may address security aspects but do not encompass a comprehensive approach to managing the risks involved in mobile access to sensitive data. For instance, while data encryption on the device is important for protecting data at rest, if other controls are not in place, it might not be sufficient alone. Similarly, disallowing any external connections may hinder productivity and accessibility, which is often critical in a mobile context, especially for someone in a leadership position. Implementing biometric access controls can enhance security for device access but does not address the broader