Consider the following scenario.

A team within your organization has brought in a WiFi access point and

connected it to mobile phone to share its Internet connection with the team,

bypassing all controls your security personnel have put in place for devices

attached to your network. The team insists that this connection is business

critical and can't shut it down without a workable alternative. They've asked

you to come in and help them figure out how to conduct their business tasks

while maintaining compliance to cybersecurity policies.

Identify what controls you would recommend that implement the principles of

defense in depth while permitting the work the team needs to complete.

Classify those recommended controls according to their objective (prevent,

deter, correct, etc.).

Justify these choices with reference to the risks they're intended to mitigate.