Which of the following is MOST critical to support IT governance cultural changes within an organization?
Correct Answer: D
Question 217
Which of the following is the BEST method for determining an enterprise's current appetite for risk?
Correct Answer: C
Question 218
A business is considering a policy to anonymize personal data in enterprise systems. Before making a decision, which of the following is MOST important for the IT steering committee to consider?
Correct Answer: B
The MOST important thing for the IT steering committee to consider before deciding on a policy to anonymize personal data in enterprise systems is the regulatory requirements. Anonymization is the process of protecting private or sensitive information by erasing or encrypting identifiers that connect an individual to stored data [1]. However, different jurisdictions may have different definitions, standards, and rules for anonymization and data protection [2]. For example, the EU's General Data Protection Regulation (GDPR) outlines a specific set of rules that protect user data and create transparency [1]. The GDPR permits companies to collect anonymized data without consent, use it for any purpose, and store it for an indefinite time, as long as companies remove all identifiers from the data [1]. However, if the data is not fully anonymized and can be re-identified by using de-anonymization methods, then the GDPR still applies and requires consent, purpose limitation, and data minimization [2]. Therefore, the IT steering committee should consider the regulatory requirements of the applicable legislation in both the home and host countries before deciding on a policy to anonymize personal data in enterprise systems. This can help to ensure compliance, avoid fines or penalties, and protect the reputation and trust of the business.
Question 219
Which of the following is the PRIMARY ongoing responsibility of the IT governance function related to risk?
Correct Answer: C
Ensuring IT risk management is aligned with business risk appetite is the primary ongoing responsibility of the IT governance function related to risk, as it helps to ensure that the IT risks are consistent with the enterprise's objectives, strategy, and tolerance for risk. IT risk management alignment also facilitates the integration of IT risk management with enterprise risk management (ERM), and the communication and reporting of IT risk to the relevant stakeholders [1][2][3].

Reference: CGEIT Exam Content Outline, Domain 4, Subtopic B: IT Risk Management, Task 1: Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
Question 220
An organization supports both programs and projects for various industries. What is a portfolio?