The correct answer isCbecauseinsufficient IoT policies and procedurescreate the greatest security risk. In an environment with many IoT devices, governance and control are essential. Without clear policies and procedures, the organization may fail to define security requirements, ownership, configuration standards, patching responsibilities, access restrictions, monitoring expectations, and acceptable use requirements. This creates widespread unmanaged exposure across the network.

The other choices are less significant from a security-risk perspective:

A. Inadequate network bandwidthis mainly a performance issue.

B. Lack of interoperability between IoT devicesis primarily an operational or compatibility issue.

D. Increased maintenance costs for IoT devicesis a financial concern, not the greatest direct security risk.

Exact Extracts supporting the answer:

“When evaluating risks related to Internet of Things (IoT) devices used on enterprise networks the first recommendation should address IoT devices with hard-coded passwords.”

“Enterprise policies are the most influential factor in determining an enterprise’s approach to risk management.”

“The BEST way to identify IS control deficiencies is through defined control objectives.”

“The MOST important criterion when reviewing information security controls is ensuring that the controls are effectively addressing risk.”

These extracts show that IoT risk must be addressed through governance, defined requirements, and effective controls. Since policies and procedures establish how IoT devices are secured and managed, insufficient IoT policies and procedures present the greatest security risk.

===========