CGEIT Certified in the Governance of Enterprise IT – Question291

An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations. Once the categorizations are defined, what is the BEST long-term strategic response by IT governance to address this problem?

A.
Standardize data classification processes throughout the enterprise.
B. Reassess the data governance policy.
C. Incorporate enterprise privacy categorizations into contracts.
D. Require business impact analyses (BIAs) for enterprise systems.

Correct Answer: A