The board of directors of a large organization has directed IT senior management to improve IT governance within the organization. IT senior management's MOST important course of action should be to:
A. understand the driver that led to a desire to change.
B. assess the current state of IT governance within the organization.
C. review IT strategy and direction.
D. analyze IT service levels and performance.
Which of the following is the BEST way to ensure all enterprise employees understand the corporate code of business conduct?
A. Conduct scheduled and random compliance audits.
B. Mandate annual ethics training that includes an exam.
C. Require that external business activities be documented and reported.
D. Distribute a copy of the code and require a signature.
Which of the following is the BEST way to ensure the continued usefulness of IT governance reports for stakeholders?
A. Conduct quarterly audits and adjust reporting based on findings.
B. Establish a standard process for providing feedback.
C. Rely on IT leaders to advise when adjustments should be made.
D. Issue frequent service level satisfaction surveys.
Which of the following is MOST important for the effective design of an IT balanced scorecard?
A. On-demand reporting and continuous monitoring
B. Consulting with the CIO
C. Emphasizing the financial results
D. Identifying appropriate key performance indicators (KPIs)
Business management is seeking assurance from the CIO that controls are in place to help minimize the risk of critical IT systems being unavailable during month-end financial processing. What is the BEST way to address this concern?
A. Create a communication plan with risk owners.
B. Outsource infrastructure hosting.
C. Restrict and monitor user access.
D. Develop key risk indicators (KRIs) and action plans.
Which of the following is the PRIMARY purpose of an effective set of key risk indicators (KRIs)?
A. Identifying possible future adverse impacts on the enterprise
B. Evaluating existing technology for risk monitoring capabilities
C. Establishing executive level buy-in of the risk program
D. Quantifying the productivity of the risk management team
An enterprise incurred penalties for noncompliance with privacy regulations. Which of the following is MOST important to ensure appropriate ownership of access controls to address this deficiency?
A. Granting access to information based on information architecture
B. Engaging an audit of logical access controls and related security policies
C. Implementing multi-factor authentication controls
D. Authenticating access to information assets based on roles or business rules
Which of the following is the BEST way for a CIO to secure support for a strategy to achieve long-term IT objectives?
A. Make the necessary strategic decisions and notify staff accordingly.
B. Develop tactics to implement the strategy and share with stakeholders.
C. Develop a communication plan for distribution of information to staff.
D. Meet with stakeholders to explain the strategy and incorporate feedback.
From a governance perspective, which of the following roles is MOST important for an enterprise to keep in-house?
A. Information auditor
B. Information architect
C. Information steward
D. Information analyst
Which of the following MOST effectively demonstrates operational readiness to address information security risk issues?
A. Executive management has announced an information security risk initiative.
B. IT management has communicated the need for information security risk management to the business.
C. A policy has been communicated stating enterprise commitment and readiness to address information security risk.
D. Procedures have been established for assessing and mitigating information security risks.