Following a major IT incident that resulted in a loss to the enterprise, a CIO is preparing for a meeting with the board of directors to discuss what may have failed internally. Which of the following should the CIO do FIRST to provide assurance to the board?
A. Review the IT control environment.
B. Ensure IT and enterprise risk management alignment.
C. Review the incident response policy.
D. Verify continuous monitoring is being performed.
A. Review the IT control environment.
B. Ensure IT and enterprise risk management alignment.
C. Review the incident response policy.
D. Verify continuous monitoring is being performed.