CGEIT Certified in the Governance of Enterprise IT – Question255

The CIO of an enterprise learns the payroll server of a competitor has been the victim of ransomware. To help plan for the possibility of ransomed corporate data, what should be the CIO's FIRST course of action?

A.
Back up corporate data to a secure location.
B. Develop a policy to address ransomware.
C. Require development of key risk indicators (KRIs).
D. Request a targeted risk assessment.

Correct Answer: D