An employee has just reported the loss of a personal mobile device containing corporate information.
Which of the following should the information security manager do FIRST?
A . Disable remote access
B . Initiate a device reset
C . Initiate incident response
D . Conduct a risk assessment
Answer: D