Senior management is reviewing the results of a recent security incident with significant business impact. Which of the following findings should be of GREATEST concern?

A. Response efforts had to be outsourced due to insufficient internal resources.
B. Significant gaps are present in the incident documentation.
C. Response decisions were made without consulting the appropriate authority.
D. The incident was not logged in the ticketing system.

An IT strategy committee wants to ensure that a risk program is successfully implemented throughout the enterprise. Which of the following would BEST support this goal?

A. Commitment from senior management
B. Mandatory risk awareness courses for staff
C. A risk management framework
D. A risk recognition and reporting policy

When establishing an enterprise data model, the BEST way to ensure the integrity of data is to:

A. implement the highest level of protection to data across the enterprise.
B. classify information using an agreed-upon schema.
C. implement a data loss prevention (DLP) program.
D. establish a privileged access management platform.

To enable the development of required IT skill sets for the enterprise, it is MOST important to define skill requirements based on:

A. one set of skills applicable to all IT staff.
B. each role within the IT department.
C. a best practices framework.
D. training needs.

An enterprise is about to complete a major acquisition, and a decision has been made that both companies will be using the parent company's IT infrastructure. Which of the following should be done NEXT?

A. Develop a communication plan to support the merger.
B. Conduct a gap analysis.
C. Perform a business impact analysis (BIA).
D. Update the enterprise architecture (EA).

Following a strategic planning session, new IT objectives were announced. Which of the following is the MOST effective way for the CIO to ensure these objectives are cascaded to IT personnel?

A. Update the IT balanced scorecard to align with the new IT objectives.
B. Establish IT management's performance measures based on the IT objectives.
C. Communicate the new IT objectives during a staff meeting.
D. Define individual performance measures related to the IT objectives.

Which of the following would be of MOST concern regarding the effectiveness of risk management processes?

A. Risk management requirements are not included in performance reviews.
B. Key risk indicators (KRIs) are not established.
C. There is no framework to ensure effective reporting of risk events.
D. The plans and procedures are not updated on an annual basis.

Which of the following provides the STRONGEST indication that IT governance is well established within an organizational culture?

A. IT governance defines how IT projects should be assessed.
B. Benefits of IT governance are realized throughout the organization.
C. There is awareness of IT metrics throughout the organization.
D. IT performance metrics are defined in the balanced scorecard.

Which of the following is the MOST effective way to manage risks within the enterprise?

A. Make staff aware of the risks in their area and risk management techniques.
B. Provide financial resources for risk management systems.
C. Document procedures and reporting processes.
D. Assign individuals responsibilities and accountabilities for management of risks.

Which of the following has the GREATEST influence on data quality assurance?

A. Data classification
B. Data modeling
C. Data stewardship
D. Data encryption