Isaca Certified in the Governance of Enterprise IT Exam CGEIT Question # 77 Topic 8 Discussion
CGEIT Exam Topic 8 Question 77 Discussion:
Question #: 77
Topic #: 8
An enterprise plans to expand into new markets in countries lacking data privacy regulations, increasing risk exposure. Which of the following is the BEST course of action for the CIO?
A.
Identify business risk appetite and tolerance levels.
B.
Quantify the risk impact and evaluate possible countermeasures.
C.
Limit the personal data available to the high-risk countries.
D.
Mandate the strengthening of user access controls.
The best course of action for the CIO in this scenario is to identify business risk appetite and tolerance levels. Risk appetite is the amount and type of risk that an organization is willing to pursue, retain, or take in order to achieve its strategic objectives. Risk tolerance is the acceptable level of variation from the risk appetite. By identifying the business risk appetite and tolerance levels, the CIO can align the IT strategy and operations with the business goals, needs, and expectations, and ensure that the IT risks are managed within the acceptable boundaries. Identifying the business risk appetite and tolerance levels can also help the CIO to communicate and justify the IT decisions and actions to the senior management, board, and stakeholders, and to balance the costs and benefits of IT investments and initiatives. According to CPG 235 – Managing Data Risk, “The adequacy of data controls in ensuring that a regulated entity operates within its risk appetite would normally be assessed as part of introducing new business processes and then on a regular basis thereafter (or following material change to either the process, usage of data, internal controls or external environments).”
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit