A.  

Critical risks

B.  

Technology cost savings

C.  

Threat landscape

D.  

Security events

A.  

improving the business requirements gathering process

B.  

improving the negotiation process for service level agreements (SLAs)

C.  

implementing a vendor performance scorecard

D.  

assigning responsibility for vendor management

A.  

Internal rate of return

B.  

Recovery time objective (RTO)

C.  

Cost-benefit analysis

D.  

Resource utilization analysis

A.  

Ensure the infrastructure can meet BYOD requirements.

B.  

Establish a business case.

C.  

Define a clear and inclusive BYOD policy.

D.  

Focus on securing data and access to data.

A.  

The method provides a platform for all departments to contribute to the risk assessment.

A.  

Strategic processes that require expert professionals

B.  

Processes with higher risk to the enterprise

C.  

Non-strategic processes that are not documented

D.  

Operational processes that are well-defined

A.  

Provide incentives for IT staff to attend outside conferences and training

B.  

Create a standard-setting center of excellence for IT.

C.  

Require human resources (HR) to recruit new talent using an established IT skills matrix.

D.  

Establish an agreed-upon skills development plan with each employee

A.  

IT skill development plan

B.  

IT organizational structure

C.  

IT skills inventory

D.  

IT strategic plan

A.  

technology strategy.

B.  

value statements.

C.  

service level agreements (SLAs).

D.  

business strategy.

A.  

Ensure IT has knowledgeable representation and is included in the strategic planning process.

B.  

Increase the IT budget and approve an IT staff level increase to ensure resource availability for the strategy change.

C.  

Initiate an IT service awareness campaign to business system owners and implement service level agreements (SLAs).

D.  

Outsource both IT operations and IT development and implement controls based on a standardized framework.

A.  

perform a business impact analysis (BIA).

B.  

reallocate the budget to close the gap in resources.

C.  

reduce business requirements.

D.  

negotiate best pricing for contracted resources.

A.  

The enterprise's organizational structure

B.  

The enterprise's risk appetite

C.  

The current IT process capability maturity

D.  

The IT strategic plan

A.  

Use a balanced scorecard to track the business process.

B.  

Ensure the appropriate involvement Of the legal department.

C.  

Review and revise the business architecture.

D.  

Seek approval from the change management board.

A.  

IT performance metrics

B.  

Resource allocation

C.  

Business leadership

D.  

Business risk

A.  

Assign the responsibility for periodic revisions and changes to process owners.

B.  

Require each IT employee to confirm compliance with IT procedures on an annual basis.

C.  

Include the update of documentation within the change management framework.

D.  

Establish high-level procedures to minimize process changes.

A.  

recommend blocking access to social media.

B.  

review current level of social media usage.

C.  

initiate an assessment of the impact on the business.

D.  

reassess the enterprise's bring your own device (BYOD) policy.

A.  

Review the enterprise IT procurement policy.

B.  

Re-negotiate contracts with vendors to request discounts.

C.  

Require updates to the IT procurement process.

D.  

Conduct an audit to investigate utilization of cloud services.

A.  

IT policies and procedures that need revision

B.  

Resource burden for implementation

C.  

Gaps in skills and experience of IT employees

D.  

Impact on contracts with service providers

A.  

Treat as a risk to be assessed before developing a response.

B.  

Benchmark how other IT organizations are treating the new requirements.

C.  

Adopt a zero-tolerance approach for noncompliance with regulatory matters.

D.  

Use a cost-benefit analysis to determine if compliance is warranted.

A.  

Understand corporate culture and IT'S role in providing business value.

B.  

Understand critical IT processes to define the scope of the IT governance framework.

C.  

Verify stakeholder sponsorship of the IT governance initiative.

D.  

Develop an IT balanced scorecard to monitor and track IT performance.

A.  

Key performance indicators (KPIs)

B.  

Return on investment (ROI) analysis

C.  

Service level agreement (SLA) reporting

D.  

Staff performance evaluations

A.  

Organizational responsibility for IT risk management is not clearly defined.

B.  

None of the members of the IT risk management team have risk management-related certifications.

C.  

Only a few key risk indicators (KRIs) identified by the IT risk management team are being monitored and the rest will be on a phased schedule.

D.  

IT risk training records are not properly retained in accordance with established schedules

A.  

Enforcement Of a standardized policy across all regions

B.  

Availability of adequate resources to provide support for new users

A.  

Set management goals to hire cooperative work experience students.

B.  

Specify minimum training hours required for continuing professional education.

C.  

Require balanced scorecard concepts training of all employees.

D.  

Add achievement of competencies to employee performance goals.

A.  

IT steering committee

B.  

Business process owners

C.  

Chief information officer (CIO)

D.  

Board of directors

A.  

Revise initiatives that are active to reflect the new requirements.

B.  

Confirm there are adequate resources to mitigate compliance requirements.

C.  

Consult with legal and risk experts to understand the requirements.

D.  

Consult with the board for guidance on the new requirements

A.  

CEO

B.  

Human resource (HR) director

C.  

IT strategy committee

D.  

CIO

A.  

Update data management policies.

A.  

Reduces IT operational training costs

B.  

Reduces response time

C.  

Optimizes infrastructure investments

D.  

Meets regulatory compliance requirements

A.  

Utilize third parties for non-value-added processes.

B.  

Align the business strategy with the IT strategy.

C.  

Review the current IT strategy.

D.  

Review the IT risk appetite.

A.  

Updating the configuration management database (CMDB)

B.  

Empowering the business to embrace the changes

C.  

Ensuring a return to stabilized business operations

D.  

Updating the enterprise architecture (EA)

A.  

recommendation Of business owners.

B.  

alignment with IT architecture.

A.  

IT senior management selects the vendor.

B.  

A vendor risk assessment is conducted

C.  

ERP data mapping is approved by the enterprise architect.

D.  

Procurement provides the terms of the contract.

A.  

Risk register

B.  

Risk ownership

C.  

Risk tolerance

D.  

Risk training

A.  

Conducting internal and external audits

B.  

Implementing controls to manage risk

C.  

Monitoring risk and controls

D.  

Identifying and assessing risk

A.  

Data collection for the metrics is automated.

B.  

The metrics can be traced to enterprise goals.

C.  

Minimum target levels are realistic.

D.  

Thresholds align to key risk indicators (KRIs).

A.  

Decisions are made with an awareness of probability and impact.

B.  

IT objectives and goals are aligned to business objectives and goals.

C.  

Business opportunity losses are minimized.

D.  

Innovative strategic initiatives are encouraged.

A.  

Develop training programs based on results of an IT staff survey of preferences.

B.  

Embed training metrics into the annual performance appraisal process.

C.  

Promote IT-specific training awareness program.

D.  

Research and identify training needs based on industry trends.

A.  

Related risks are consolidated into one scenario for analysis.

B.  

Risk events are identified bottom-up and top-down.

C.  

Risk identification leverages past audit and compliance reports.

D.  

Risk scenario narratives are summarized and limited in length.

A.  

Balanced scorecard

B.  

Milestone chart

C.  

Performance management

D.  

Critical risk and issue walk through

A.  

benchmark policy against industry best practice.

A.  

a maturity assessment.

B.  

benchmarking.

C.  

a cost-benefit analysis.

D.  

a risk assessment.

A.  

It improves communication with senior management and the business.

B.  

It ensures the adoption of enterprise data quality standards.

C.  

It enables the tracing of data to business functions.

D.  

It facilitates appropriate access to data consumers.

A.  

Enterprise architecture (EA)

B.  

Risk assessment report

C.  

Business user satisfaction metrics

D.  

Audit findings

A.  

IT strategic plan

B.  

IT skills inventory

C.  

IT organizational structure

D.  

IT skill development plan

A.  

Include key performance indicators (KPls) in a monthly newsletter.

B.  

Share the business case with stakeholders.

C.  

Post the project management report to the enterprise intranet site.

A.  

Skills and competencies

B.  

Principles and policies

C.  

Corporate culture

D.  

Business processes

A.  

Enterprise architecture (EA) review board

B.  

Business process improvement workgroup

C.  

Audit committee

D.  

Risk management committee

A.  

Key risk indicators (KRIs)

B.  

Scenario-based assessment

C.  

Business impact analysis (BIA)

D.  

Qualitative forecasting

A.  

Implement a balanced scorecard for the IT project portfolio.

B.  

Establish a portfolio manager role to monitor and control the IT projects.

C.  

Require business cases to have product life cycle information.

D.  

Mandate an enterprise architecture (EA) review with business stakeholders.

A.  

Balanced scorecard

B.  

Control self-assessment (CSA)

C.  

Gap analysis

D.  

Audit reports

A.  

cost burden to achieve compliance.

B.  

readiness of IT systems to address the risk.

C.  

risk profile of the enterprise.

D.  

disruption to normal business operations.

A.  

The change has been requested by the business department and approved by the data owner.

B.  

The change is documented in preparation for future audits.

C.  

The change maintains consistency among databases and has no other impacts.

D.  

The change is a temporary fix for the incident, and the permanent solution is addressed by problem management.

A.  

Implementing processes for data collection and use

B.  

Ensuring compliance with data privacy laws and regulations

C.  

Establishing data quality requirements and metrics

D.  

Developing data-related policies and procedures

A.  

A RACI chart

B.  

An increased IT budget

C.  

Well-trained IT staff

D.  

Effective culture change

A.  

Organizational structure, including accountable partes

B.  

Data classification and related security policy

C.  

Context of the breach, including data ownership and location

D.  

Details of how the breach occurred and related incident response efforts

A.  

updating the business case throughout its life cycle.

B.  

addressing required changes outside the business case.

C.  

identifying metrics post-implementation to measure project success.

D.  

entering the business case into the enterprise architecture (EA).

A.  

Reviewing the information governance framework

B.  

Selecting best-of-breed cloud offerings

C.  

Updates the enterprise architecture (EA) repository

D.  

Conducting IT staff training to manage cloud workloads

A.  

Ask project management to define the IT activities for accomplishing the strategy.

B.  

Request IT senior leaders to collectively plan tactics for execution

C.  

Have IT leaders independently develop goals for their teams.

D.  

Provide specific direction for execution of the tasks across IT.

A.  

Determining risk thresholds that the enterprise can sustain

B.  

Preparing business continuity and resiliency plans

C.  

Providing a means to effectively manage stakeholders

D.  

Monitoring strategic plans to reach the desired target state

A.  

Publish and enforce a code of conduct policy.

B.  

Provide access to legal resource benefits.

C.  

Establish and communicate a whistle-blower policy.

D.  

Provide protection language in employment contracts.

A.  

Project management office with business and IT representatives

B.  

Weekly project reports reviewed by business and IT management

C.  

Project status updates on the intranet

D.  

A steering committee involving business and IT

A.  

Conduct scheduled and random compliance audits.

B.  

Mandate annual ethics training that includes an exam.

C.  

Require external business activities be documented and reported.

D.  

Distribute a copy of the code and require a signature.

A.  

Document procedures for securing personal devices.

B.  

Improve training courses on securing corporate information.

C.  

Perform a risk assessment on personal device data protection.

D.  

Update the corporate security policy to include personal devices.

A.  

Perform a maturity assessment.

B.  

Implement a RACI model.

C.  

Refine the human resource management plan.

D.  

Update the IT strategy.

A.  

Frequency of updates to the IT risk register

B.  

Time lag between when IT risk is identified and the enterprise's response

C.  

Number of events impacting business processes due to delays in responding to risks

D.  

Percentage of business users satisfied with the quality of risk training

A.  

Calculating the cost of the current solution

B.  

Updating the business risk profile

C.  

Changing the IT steering committee charter

D.  

Revising the business's balanced scorecard

A.  

perform process modeling.

B.  

outsource infrastructure management.

C.  

develop a robust enterprise architecture (EA).

D.  

implement open-source systems.

A.  

Training budget allocated for IT staff

B.  

Training effectiveness reports

C.  

Technology direction of the enterprise

D.  

A recent IT skills matrix

A.  

Build a governance framework for identifying non-standard processes.

B.  

Request funding from the CEO to hire ERP consultants.

C.  

Ask the CEO to be the sponsor of the program

D.  

Engage a reluctant business unit to conduct a proof-of-concept pilot.

A.  

Measure progress towards IT objectives and communicate the results to IT staff.

B.  

Incorporate IT objectives into individual performance evaluations.

C.  

Develop communication materials to promote the new IT strategy and objectives.

D.  

Require IT managers to assign activities aligned to the IT objectives.

A.  

Reviewing and testing disaster recovery plans (DRPs)

B.  

Ensuring staff has the necessary technology to be productive

C.  

Ensuring remote work policies are updated and communicated

D.  

Revising IT performance monitoring metrics

A.  

Cloud implementation model

B.  

User experience

C.  

Information ownership

D.  

Third-party access rights

A.  

Enterprise architecture (EA)

B.  

IT risk register

C.  

Balanced scorecard measures

D.  

IT strategic plan

A.  

roles and responsibilities that link to IT objectives.

B.  

specific resourcing requirements for identified IT projects.

C.  

frameworks that will be aligned to IT programs.

D.  

implications of the strategy on the procurement process.

A.  

identify IT services that currently support the enterprise’s capability.

B.  

define policies for data, applications, and organization of infrastructure.

C.  

identify the role of IT in supporting the business.

D.  

prioritize how much and where to invest in IT.

A.  

Extract training requirements from deficiencies reported in customer service satisfaction surveys.

B.  

Ask managers to determine IT training requirements annually.

C.  

Determine training needs based on the capabilities to support the IT strategy.

D.  

Survey employees for IT skills requirements based upon technology trends.

A.  

monitor whether the chosen strategy is successful

B.  

visualize how the strategy will be achieved.

C.  

demonstrate commitment to IT governance.

D.  

clarify the cause-and-effect relationship of the strategy.

A.  

Outsource the compliance process.

B.  

Appoint a compliance officer.

C.  

Update the organization's risk profile.

D.  

Have executive management monitor compliance.

A.  

Internal audit

B.  

Data architect

C.  

Business analyst

D.  

Data steward

A.  

capture source information and supporting evidence.

B.  

improve business process controls.

C.  

review information event logs tor potential incidents.

D.  

review retention requirements for source information.

A.  

Data maintained by vendors

B.  

Vendors and outsourced systems

C.  

Application and data owners

D.  

Information classification scheme

A.  

IT balanced scorecard

B.  

IT strategy

C.  

Return on investment (ROI)

D.  

Key risk indicators (KRIs)

A.  

Overall costs are optimized

B.  

Operational costs are maintained

C.  

Information availability is improved

D.  

Compliance with regulatory requirements is ensured

A.  

Business staff report identified IT risks.

B.  

IT risks are communicated to the business.

C.  

IT risk-related policies are published.

D.  

The IT infrastructure is resilient.

A.  

Ask business stakeholders to discuss their vision for the new strategy.

B.  

Cancel projects with a net present value (NPV) below a defined threshold.

C.  

Conduct a risk assessment against the potential new services.

D.  

Start re-allocating budget to projects involving mobile or cloud.

A.  

Service level targets align with business requirements.

B.  

Employee-owned devices will be covered by the service.

C.  

The MDM services are delivered via a cloud.

D.  

Technology-owned devices will be covered by the service

A.  

revisit prioritization of IT projects.

B.  

adjust IT strategy as needed.

C.  

measure efficiency of IT resources.

D.  

re-assess the IT investment portfolio.

A.  

Cost savings and human resource optimization

B.  

Business value and customer satisfaction

C.  

IT risk identification and mitigation

D.  

Comprehensive IT policies and procedures

A.  

Practical and enforceable policies

B.  

Automated compliance tracking

C.  

Comprehensive and timely audit reviews

D.  

Periodic peer reviews

A.  

Obtain stakeholders' input regarding the ethics associated with machine learning

B.  

Revise the code of conduct to discourage bias within automated processes

C.  

Develop a machine learning policy articulating guidelines for machine learning use

D.  

Assess recent case law related to the enterprise's machine learning business strategy

A.  

Quantify the business value of information assets

B.  

Perform an information gap analysis

C.  

Review information classification procedures

D.  

Evaluate information access methods

A.  

Business impact analysis (BIA) results

B.  

Regulatory requirements

C.  

Sustainability costs to the enterprise

D.  

Potential implementation barriers

A.  

key information for IT service level management.

B.  

reference models to align IT with business.

C.  

IT standards for application development

D.  

business information for IT capacity planning.

A.  

Enterprise code of ethics

B.  

Risk mitigation strategies and action plans

C.  

Documented consequences for noncompliance

D.  

Enterprise RACI matrix

A.  

Include a complete IT risk register in the monthly letter given to each board member.

B.  

Include key IT risks in a dashboard submitted to the board quarterly.

C.  

Submit a register of all IT audit findings to board members monthly.

D.  

Schedule quarterly meetings to discuss all open IT risks.

A.  

Align with business risk management processes.

B.  

Establish a risk management function.

C.  

Minimize the number of IT risk management decision points.

D.  

Adopt risk management processes.

A.  

Security controls may not meet IT requirements.

B.  

The enterprise does not have the skills to manage the solutions.

C.  

The solutions conflict with IT goals and objectives.

D.  

The solution may conflict with existing enterprise goals.

A.  

Establish key performance indicators (KPls)

B.  

Appoint a procurement oversight committee

C.  

Establish key risk indicators (KRIs).

D.  

Implement contract monitoring.

A.  

Update the risk management framework

B.  

Determine whether the board wants to comply with the regulation

C.  

Assess the risk associated with the new regulation

D.  

Request an action plan from the risk team

A.  

Cost-benefit analysis

B.  

Contract management office

C.  

Service level agreements (SLAs)

D.  

Procurement framework

A.  

Request an enterprise architecture (EA) review.

B.  

Request reprioritization of the IT portfolio.

C.  

Perform a baseline business value assessment

D.  

Identify the penalties for noncompliance.

A.  

disruption to normal business operations.

B.  

risk profile of the enterprise.

C.  

readiness of IT systems to address

D.  

the risk cost burden to achieve compliance.

A.  

Capability maturity model

B.  

Cost-benefit analysis

C.  

Skills competency assessment

D.  

Annual performance evaluation

A.  

Communicate the new IT objectives during a staff meeting.

B.  

Define individual performance measures related to the IT objectives.

C.  

Establish IT management's performance measures based on the IT objectives.

D.  

Update the IT balanced scorecard to align with the new IT objectives.

A.  

Data stewardship

B.  

Data encryption

C.  

Data classification

D.  

Data modeling

A.  

reduce variance in the assessment of risk.

B.  

develop key risk indicators (KRIs).

C.  

prioritize threat assessment.

D.  

reduce risk appetite and tolerance levels.

A.  

Update the enterprise architecture (EA).

B.  

Perform a business impact analysis (BIA.

C.  

Conduct a gap analysis.

D.  

Develop a communication plan to support the merger.

A.  

Revise the enterprise architecture (EA).

B.  

Review IT performance objectives and indicators.

C.  

Evaluate IT capabilities and resources.

D.  

Identify changes in enterprise goals.

A.  

performance.

B.  

value.

C.  

capabilities.

D.  

outcome.

A.  

information technology risk.

B.  

framework development cost.

C.  

information technology strategy.

D.  

stakeholders' support.

A.  

A risk assessment to determine the appropriate controls

B.  

Updated enterprise architecture (EA)

C.  

Skills gap analysis

D.  

The additional cost of encrypting sensitive data

A.  

Engage human resources (HR) for recruitment of new staff.

B.  

Request the development of a succession plan.

C.  

Review motivation drivers for key IT staff.

D.  

Evaluate lower-level staff as succession candidates.

A.  

a RACI chart.

B.  

an organizational breakdown structure.

C.  

a work breakdown structure.

A.  

Perform a risk assessment on potential outsourcing.

B.  

Update the enterprise architecture (EA) with the new technology.

C.  

Review the IT balanced scorecard for sourcing opportunities.

D.  

Assess the gap between current and required staff competencies.

A.  

Develop a data protection awareness education training program.

B.  

Monitor outgoing email traffic for malware.

C.  

Implement a data classification and storage management tool.

D.  

Update and communicate data storage and transmission policies.

A.  

Support for increased sales

B.  

Risk associated with each option

C.  

Industry best practices

D.  

Business value impact

A.  

Business dependency assessment

B.  

Business process analysis

C.  

Business case evaluation

D.  

Business impact analysis (BIA)

A.  

Document the competitor's governance structure.

B.  

Ensure that the competitor understands significant IT risks.

C.  

Assess the status of the risk profile of the competitor.

D.  

Determine whether the competitor is using industry-accepted practices.

A.  

Establish service level agreements (SLAs) with the development team.

B.  

Identify key risks and mitigation strategies for mobile applications.

C.  

Implement key performance indicators (KPIs) that include application quality.

D.  

Identify business requirements concerning mobile applications.

A.  

The information steward manages the systems that process the relevant data.

B.  

The information steward has expertise in managing data quality systems.

C.  

The information steward is closely aligned with the business function.

D.  

The information steward is part of the information architecture group.

A.  

Establish a change management process.

B.  

Obtain top management support and ownership.

C.  

Ensure compliance with corporate policy.

D.  

Benchmark against best practices.

A.  

architecture.

B.  

policies.

C.  

strategies.

D.  

controls.

A.  

Information architect

B.  

Information analyst

C.  

Information steward

D.  

Information owner

A.  

Acceptable use policy

B.  

Risk register

C.  

Ethics standards

D.  

Change management policy

A.  

The business leader who is most impacted by the loss of data.

B.  

The risk manager who is responsible for protecting data stored in the cloud.

C.  

The contract manager who monitors the security of the cloud provider.

D.  

The vendor who submits the data to the organization via online forms

A.  

CIO

B.  

Internal audit director

C.  

Application users

D.  

The board of directors

A.  

Defining cross-departmental budget allocation

B.  

Conducting a systemic risk assessment

C.  

Developing independent business cases

D.  

Establishing a steering committee with business representation

A.  

Information auditor

B.  

Information architect

C.  

Information steward

D.  

Information analyst

A.  

Monitor new key risk indicators (KRIs).

B.  

Measure return on IT investments against balanced scorecards.

C.  

Review and update the portfolio management process.

D.  

Map IT programs to business goals.

A.  

Identification of optimal business resources

B.  

Establishment of a performance metric system

C.  

Ranking of critical business risks

D.  

Assurance of the execution of business controls

A.  

Establishment of an IT steering committee

B.  

Standards-based reference architecture and design specifications

C.  

Establishment of standard vendor and technology designations

D.  

Design of policies and procedures

A.  

IT capacity utilization and availability.

B.  

Cost/benefit to the business.

C.  

Available IT budget.

D.  

Business user requests

A.  

Balanced scorecard

B.  

Capability maturity levels

C.  

Performance indicators

D.  

Critical success factors (CSFs)

A.  

mandating board-approved enterprise risk management (ERM) modifications.

B.  

requiring the establishment of an enterprise risk management (ERM) framework.

C.  

requiring the establishment of an enterprise-wide program management office.

D.  

ensuring the cost-effectiveness of the internal control system.

A.  

Revising the business $ balanced store card

B.  

Updating the business risk profile

C.  

Changing the IT steering committee charter

D.  

Calculating the cost of the current solution

A.  

Procurement management plan

B.  

Organizational change management plan

C.  

Risk response plan

D.  

Resource management plan

A.  

Data encryption tools

B.  

Data loss prevention tools

C.  

Data classification policy

D.  

Data retention policy

A.  

Frequency and quantity of information updates

B.  

Information to justify business cases

C.  

Incorporation of emerging technologies

D.  

Access to and exchange of information

A.  

Authorize a risk analysis of the practice.

B.  

Update data governance practices.

C.  

Revise the information security policy.

D.  

Recommend the use of a private cloud.

A.  

An enterprise risk mitigation strategy

B.  

Leading and lagging risk indicators

C.  

IT performance metrics and standards

D.  

Enterprise definitions for risk impact and probability

A.  

Implement controls to block the installation of unapproved applications.

B.  

Educate the executive team about the risk associated with shadow IT applications.

C.  

Provide training to the help desk to identify shadow IT applications.

D.  

Review and update the application implementation process.

A.  

Review the resource utilization matrix.

B.  

Recruit IT resources based on the expansion decision.

C.  

Embed IT personnel in the business units.

D.  

Update the IT strategic plan to align with the decision.

A.  

A risk management framework

B.  

Mandatory risk awareness courses for staff

C.  

A risk recognition and reporting policy

D.  

Commitment from senior management

A.  

Develop key performance indicators (KPIs) to measure enterprise adoption.

B.  

Integrate data encryption requirements into existing and planned projects.

C.  

Assign owners for data governance initiatives.

D.  

Mandate the creation of a data governance framework.

A.  

Stakeholder satisfaction surveys

B The project's net present value (NPV)

B.  

The project's business case

C.  

Operating metrics of the new system

A.  

Executive management has announced an information security risk initiative.

B.  

IT management has communicated the need for information security risk management to the business.

C.  

A policy has been communicated stating enterprise commitment and readiness to address information security risk.

D.  

Procedures have been established for assessing and mitigating information security risks.

A.  

Review the IT investments.

B.  

Reorganize the IT projects portfolio.

C.  

Re-evaluate the business case.

D.  

Review the IT governance structure.

A.  

Require an update to enterprise data policies.

B.  

Request an impact analysis.

C.  

Review documented data interdependence.

D.  

Validate against existing architecture.

A.  

Program manager

B.  

IT steering committee chair

C.  

CIO

D.  

Business sponsor

A.  

Balanced scorecard

B.  

Capability maturity levels

C.  

Performance indicators

D.  

Critical success factors (CSFs)

A.  

Authenticating access to information assets based on roles or business rules.

B.  

Implementing multi-factor authentication controls

C.  

Granting access to information based on information architecture

D.  

Engaging an audit of logical access controls and related security policies

A.  

Identify business risk appetite and tolerance levels.

B.  

Quantify the risk impact and evaluate possible countermeasures.

C.  

Limit the personal data available to the high-risk countries.

D.  

Mandate the strengthening of user access controls.

A.  

Recommending mobile applications that will increase business productivity

B.  

Training employees on the enterprise's chosen mobile device management system

C.  

Educating employees on the increased IT security risk to the enterprise

D.  

Understanding knowledge gaps of IT employees to support different mobile platforms

A.  

On-time and on-budget delivery of strategic projects

B.  

Improvement in IT balanced scorecard performance

C.  

Optimization of IT investment in supporting business objectives

D.  

Reduced organizational resistance during strategy execution

A.  

Conduct an enterprise risk assessment.

B.  

Implement a cross-training program.

C.  

Assign resources based on business priorities.

D.  

Assign resources based on risk appetite.

A.  

Enterprise architecture (EA)

B.  

Enterprise risk framework

C.  

IT service management

D.  

IT project roadmap

A.  

Request an assessment of current in-house mobile technology skills.

B.  

Create a sense of urgency with the IT team that mobile knowledge is mandatory.

C.  

Procure contractors with experience in mobile application development.

D.  

Task direct reports with creating training plans for their teams.

A.  

Cost management

B.  

IT strategic sourcing

C.  

Standardization

D.  

Business agility

A.  

Benchmark risk framework against best practices.

B.  

Calculate financial impact for each IT risk finding.

C.  

Periodically review the IT risk register entries.

D.  

Integrate IT risk into enterprise risk management (ERM).

A.  

Business data owners were not consulted.

B.  

The new policies Increase the cost of data backups.

C.  

Data backups will be hosted at third-party locations.

D.  

The retention period for data backups is Increased.

A.  

The IT steering committee approves the implementation efforts.

B.  

The CIO communicates why IT governance is important to the enterprise.

C.  

Implementation follows an IT audit recommendation.

D.  

The CIO issues a mandate for adherence to the program.

A.  

Assign individuals responsibilities and accountabilities for management of risks.

B.  

Make staff aware of the risks in their area and risk management techniques.

C.  

Provide financial resources for risk management systems.

D.  

Document procedures and reporting processes.

A.  

assure IT sustains and extends the enterprise strategies and objectives.

B.  

expedite IT investments among other competing business investments.

C.  

establish IT initiatives focused on the business strategy.

D.  

allow IT to optimize confidentiality, integrity, and availability of information assets.

A.  

Inconsistent customer service and reporting

B.  

Loss of data confidentiality

C.  

Lack of network availability

D.  

Inadequate business continuity planning

A.  

Incident severity and downtime trend analysis

B.  

Probability and seventy of each IT risk

C.  

Financial losses and bad press releases

D.  

Customer and stakeholder complaints over time

A.  

align IT project portfolio with regulatory requirements.

B.  

create an IT balanced scorecard.

C.  

identify the penalties for noncompliance.

D.  

perform a current state assessment.

A.  

Reevaluate the offshoring strategy.

B.  

Abandon the current IT strategy.

C.  

Continue with the existing IT strategy.

D.  

Reevaluate the current IT strategy.

A.  

Data classification

B.  

Data encryption

C.  

Data modeling

D.  

Data stewardship

A.  

culture.

B.  

level of outsourcing.

C.  

enterprise architecture (EA).

D.  

maturity of IT processes.

A.  

Reviewing IT design with business process managers

B.  

Reviewing business strategy with senior management

C.  

Mapping business processes within a framework

D.  

Aligning business objectives to organizational strategy