Isaca Certified in the Governance of Enterprise IT Exam CGEIT Question # 79 Topic 8 Discussion
Question #: 79
Topic #: 8
A chief technology officer (CTO) wants to ensure IT governance practices adequately address risk management specific to mobile applications. To create the appropriate risk policies for IT, it is MOST important for the CTO to:
Understanding the enterprise’s risk tolerance is the most important step for the CTO to create the appropriate risk policies for IT, as it would help to define the acceptable level of risk exposure and the risk appetite for mobile applications. Risk tolerance is the degree of uncertainty that an enterprise is willing to accept in pursuit of its objectives, and it reflects the enterprise’s culture, strategy, and stakeholder expectations. Risk policies for IT should be aligned with the enterprise’s risk tolerance, as well as its mission, vision, and goals. The other options are not as important, as they are more related to the implementation or measurement of risk management, rather than the establishment of risk policies.
References:
CGEIT Review Manual (Digital Version), Chapter 4: Risk Optimization, Section 4.3: IT Risk Management, Subsection 4.3.1: IT Risk Management Overview, Page 153
CGEIT Review Manual (Digital Version), Chapter 4: Risk Optimization, Section 4.3: IT Risk Management, Subsection 4.3.2: IT Risk Management Process, Page 156
Proactive IT Risk Management in an Era of Emerging Technologies