CGEIT Certified in the Governance of Enterprise IT – Question173

An enterprise has a zero-tolerance policy regarding security. This policy is causing a large number of email attachments to be blocked and is a disruption to the enterprise. Which of the following should be the FIRST governance step to address this email issue?

A.
Obtain senior management input based on identified risk.
B. Direct the development of an email usage policy.
C. Recommend business sign-off on the zero-tolerance policy.
D. Introduce an exception process.

Correct Answer: B