If executive management has acknowledged the risks of adding tablets to the information systems environment, what action should be taken?

The appropriate action, when executive management has acknowledged the risks associated with adding tablets to the information systems environment, is to reduce the risk. This involves implementing measures to mitigate the identified risks to an acceptable level. Risk reduction can include deploying security controls such as encryption, ensuring secure access through authentication methods, employee training on security best practices, or deploying mobile device management (MDM) solutions to monitor and manage the tablets effectively.

This approach aligns with the principle of managing risk through proactive strategies rather than simply accepting, transferring, or eliminating it outright. While acceptance might suggest tolerating the risk without further action, and transferring it could involve passing the risk to another entity (like through insurance), those options may not adequately protect the organization from potential vulnerabilities introduced by the use of tablets. Eliminating the risk altogether may not be feasible, as it often involves removing the technology or its usage entirely, which could hinder operational efficiency or productivity.

Thus, reducing the risk through specific controls and measures is a constructive and practical response that allows the organization to benefit from the use of tablets while managing the associated risks effectively.