When implementing an IT governance framework, which of the following would BEST ensure acceptance of the framework?

A. Factoring in the effects of enterprise culture
B. Complying with regulatory requirements
C. Using industry-accepted practices
D. Using subject matter experts

An enterprise wants to address the human factors of social engineering risk within the organization. From a governance perspective, which of the following is the BEST way to mitigate this risk?

A. Mandate security requirements be included in employee contracts.
B. Distribute the social media information security policy to staff.
C. Mandate annual security awareness training.
D. Restrict access to social media.

Which of the following is the GREATEST impact to an enterprise that has ineffective information architecture?

A. Data retention
B. Redundant systems
C. Poor desktop service delivery
D. Poor business decisions

An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy. Which of the following should be the MOST important consideration in developing this strategy?

A. The balance between business benefits and risk
B. Ensuring that the enterprise architecture (EA) is updated
C. Criticality of the information
D. Data ownership

Which of the following is the MOST important aspect of business ethics?

A. Complying with legal and regulatory requirements
B. Providing equal opportunities to employees
C. Protecting stakeholders' interests
D. Ensuring fair and consistent vendor management practices

When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

A. A risk assessment to determine the appropriate controls
B. Updated enterprise architecture (EA)
C. The additional cost of encrypting sensitive data
D. Skills gap analysis

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

A. Review the relevance of existing policy.
B. Implement controls to enforce the policy.
C. Mandate awareness training for all mobile device users.
D. Incorporate compliance metrics into performance goals.

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

A. Periodically review the IT risk register entries.
B. Benchmark risk framework against best practices.
C. Integrate IT risk into enterprise risk management.
D. Calculate financial impact for each IT risk finding.

IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:

A. audit findings.
B. user access approval procedures.
C. a risk and benefit evaluation.
D. the impact to security.

The PRIMARY objective of promoting business ethics within the IT enterprise should be to ensure:

A. legal and regulatory compliance.
B. corporate social responsibility.
C. employees act more responsibly.
D. trust among internal and external stakeholders.