Assessing the security of the devices entering the CIO’s domain