An enterprise has decided to utilize a cloud vendor for the first time to provide email as a service, eliminating in-house email capabilities. Which of the following IT strategic actions should be triggered by this decision?
A. Develop a data protection awareness education training program.
B. Monitor outgoing email traffic for malware.
C. Implement a data classification and storage management tool.
D. Update and communicate data storage and transmission policies.
An enterprise has identified a number of plausible risk scenarios that could result in economic loss associated with major IT investments. Which of the following is the BEST method to assess the risk?
A. Cost-benefit analysis
B. Qualitative analysis
C. Business impact analysis (BIA)
D. Quantitative analysis
An IT steering committee wants to select a disaster recovery site based on available risk data. Which of the following would BEST enable the mapping of cost to risk?
A. Key risk indicators (KRIs)
B. Scenario-based assessment
C. Business impact analysis (BIA)
D. Qualitative forecasting
Establishing a uniform definition for likelihood and impact BEST enables an enterprise to:
A. reduce variance in the assessment of risk.
B. develop key risk indicators (KRIs).
C. prioritize threat assessment.
D. reduce risk appetite and tolerance levels.
What is the PRIMARY objective for performing an IT due diligence review prior to the acquisition of a competitor?
A. Document the competitor's governance structure.
B. Ensure that the competitor understands significant IT risks.
C. Assess the status of the risk profile of the competitor.
D. Determine whether the competitor is using industry-accepted practices.
An enterprise will be adopting wearable technology to improve business performance. Which of the following would be the BEST way for the CIO to validate IT's preparedness for this initiative?
A. Request an enterprise architecture (EA) review.
B. Request reprioritization of the IT portfolio.
C. Perform a baseline business value assessment.
D. Identify the penalties for noncompliance.
An airline wants to launch a new program involving the use of artificial intelligence (AI) and machine learning. The main objective of the program is to use customer behavior to determine new routes and markets. Which of the following should be done NEXT?
A. Consult with the enterprise privacy function
B. Define the critical success factors (CSFs)
C. Present the proposal to the IT strategy committee
D. Perform a business impact analysis (BIA)
Which of the following is the BEST indication that information security requirements are taken into consideration when developing IT processes?
A. The database is deployed in a distributed processing platform
B. The information architecture incorporates data classification
C. Customer profiles are stored with a domestic service provider
D. The integrity of sensitive information is periodically reviewed
Which of the following is the MOST significant challenge faced by an enterprise when establishing information stewardship?
A. Lack of documented policies and procedures
B. Information requirements of regulatory authorities
C. Insufficient knowledge of IT practices and controls
D. Lack of role clarity and specific responsibilities
An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?
A. Acceptance of the audit risks and opportunities
B. The scope and stakeholders of the audit
C. The organizational structure of the security office
D. The policies and framework used by the security office