CGEIT Certified in the Governance of Enterprise IT – Question320

An enterprise wants to address the human factors of social engineering risk within the organization. From a governance perspective, which of the following is the BEST way to mitigate this risk?

A. Mandate security requirements be included in employee contracts.
B. Distribute the social media information security policy to staff.
C. Mandate annual security awareness training.
D. Restrict access to social media.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question318

An enterprise is concerned with the potential for data leakage as a result of increased use of social media in the workplace, and wishes to establish a social media strategy. Which of the following should be the MOST important consideration in developing this strategy?

A. The balance between business benefits and risk
B. Ensuring that the enterprise architecture (EA) is updated
C. Criticality of the information
D. Data ownership

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question316

When deciding to develop a system with sensitive data, which of the following is MOST important to include in a business case?

A. A risk assessment to determine the appropriate controls
B. Updated enterprise architecture (EA)
C. The additional cost of encrypting sensitive data
D. Skills gap analysis

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question315

A CIO just received a final audit report that indicates there is inconsistent enforcement of the enterprise's mobile device acceptable use policy throughout all business units. Which of the following should be the FIRST step to address this issue?

A. Review the relevance of existing policy.
B. Implement controls to enforce the policy.
C. Mandate awareness training for all mobile device users.
D. Incorporate compliance metrics into performance goals.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question314

Which of the following is the MOST effective approach to ensure senior management sponsorship of IT risk management?

A. Periodically review the IT risk register entries.
B. Benchmark risk framework against best practices.
C. Integrate IT risk into enterprise risk management.
D. Calculate financial impact for each IT risk finding.

Correct Answer: D

CGEIT Certified in the Governance of Enterprise IT – Question313

IT security is concerned with employees' increasing use of personal equipment for work-related purposes, while employees claim it allows them to be more productive. A decision on whether to modify the enterprise information security policy should be based on:

A. audit findings.
B. user access approval procedures.
C. a risk and benefit evaluation.
D. the impact to security.

Correct Answer: C