CGEIT Certified in the Governance of Enterprise IT – Question291

An IT audit reveals inconsistent maintenance of data privacy in enterprise systems primarily due to a lack of data sensitivity categorizations. Once the categorizations are defined, what is the BEST long-term strategic response by IT governance to address this problem?

A. Standardize data classification processes throughout the enterprise.
B. Reassess the data governance policy.
C. Incorporate enterprise privacy categorizations into contracts.
D. Require business impact analyses (BIAs) for enterprise systems.

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question290

A health tech enterprise wants to ensure that its in-house developed mobile app for users complies with data privacy regulations. Which of the following should be identified FIRST when creating an inventory of information systems and data related to the mobile app?

A. Vendors and outsourced systems
B. Data maintained by vendors
C. Information classification scheme
D. Application and data owners

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question288

An enterprise is planning to outsource data processing for personally identifiable information (PII). When is the MOST appropriate time to define the requirements for security and privacy of information?

A. During the initial vendor selection process
B. After an assessment of the current information architecture
C. When issuing requests for proposals (RFPs)
D. When developing service level agreements (SLAs)

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question287

The CIO of a global technology company is considering introducing a bring your own device (BYOD) program. What should the CIO do FIRST?

A. Ensure the infrastructure can meet BYOD requirements.
B. Define a clear and inclusive BYOD policy.
C. Establish a business case.
D. Focus on securing data and access to data.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question286

The CEO of an organization is concerned that there are inconsistencies in the way information assets are classified across the enterprise. Which of the following is the BEST way for the CIO to address these concerns?

A. Require enterprise risk assessments.
B. Implement enterprise data governance.
C. Identify data owners across the enterprise.
D. Include data assets in the IT inventory.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question285

A strategic systems project was implemented several months ago. Which of the following is the BEST reference for the IT steering committee as they evaluate its level of success?

A. The project's business case
B. Stakeholder satisfaction surveys
C. The project's net present value (NPV)
D. Operating metrics of the new system

Correct Answer: A

CGEIT Certified in the Governance of Enterprise IT – Question284

When preparing a new IT strategic plan for board approval, the MOST important consideration is to ensure the plan identifies:

A. specific resourcing requirements for identified IT projects.
B. frameworks that will be aligned to IT programs.
C. roles and responsibilities that link to IT objectives.
D. implications of the strategy on the procurement process.

Correct Answer: B

CGEIT Certified in the Governance of Enterprise IT – Question283

What is the PRIMARY objective for performing an IT due diligence review prior to the acquisition of a competitor?

A. Document the competitor's governance structure.
B. Determine whether the competitor is using industry-accepted practices.
C. Assess the status of the risk profile of the competitor.
D. Ensure that the competitor understands significant IT risks.

Correct Answer: C

CGEIT Certified in the Governance of Enterprise IT – Question282

An enterprise embarked on an aggressive strategy requiring the implementation of several large IT projects impacting multiple business processes across all departments. Initially, employees were supportive of the strategy, but there is growing fatigue and frustration with the ongoing new capabilities that must be learned. Which of the following would be the BEST action performed by senior management?

A. Establish "Reward and Recognition" efforts to boost employee morale.
B. Improve the system development life cycle (SDLC) process.
C. Incorporate an organizational change management program.
D. Assess current business and IT competencies.

Correct Answer: A