Which of the following is the PRIMARY responsibility of a data steward?
Correct Answer: D
One of the primary responsibilities of a data steward is to classify and label organizational data assets, which means to assign categories and tags to the data based on its characteristics, such as type, source, sensitivity, quality, or purpose. Classifying and labeling data helps to organize, manage, and protect the data assets, as well as to facilitate their discovery, access, and usage. Data stewards are also responsible for defining and maintaining the data classification and labeling standards and policies, and ensuring their compliance across the organization. References: What Is a Data Steward? Roles & Responsibilities | Zuar1, Data Stewards: Who They Are & Why Data Stewardship Matters - HubSpot Blog2, Data Steward: Roles, Responsibilities, and Certification3
Question 17
An enterprise recently implemented a significant change in its business strategy by moving to a technologically advanced product with considerable impact on the business. What should be the FINAL step in completing the changes to IT processes?
Correct Answer: A
Question 18
A newly appointed CIO has been tasked with the responsibility of developing an effective IT enterprise roadmap that meets business requirements. Which of the following is the BEST way to ensure that the business needs have been taken into consideration?
Correct Answer: A
Process owners are the individuals or groups who are responsible for the design, execution, and improvement of a business process. Process owners have a deep understanding of the business needs, goals, and challenges that the process aims to address. By involving process owners in requirements gathering, the CIO can ensure that the IT enterprise roadmap meets the business requirements and expectations, and that the IT solutions align with the business processes and outcomes. Process owners can also provide valuable feedback and insights on the feasibility, usability, and effectiveness of the IT solutions, and help to prioritize and validate the IT initiatives and deliverables. References: CGEIT Exam Content Outline | ISACA1, CGEIT Review Manual (Digital Version), Definitive Guide to Developing an IT Strategy and Roadmap - CioPages2, What is a Process Owner? | Lean Six Sigma Group3
Question 19
Which of the following is the PRIMARY consideration when developing an information asset management program?
Correct Answer: D
Regulatory requirements are the rules and standards that an organization must follow to comply with the laws and regulations that apply to its industry, sector, or jurisdiction. Regulatory requirements can affect how an organization manages its information assets, such as data, documents, records, and reports. Information assets are valuable and sensitive resources that need to be protected from unauthorized access, use, disclosure, modification, or destruction1. Regulatory requirements can specify how information assets should be classified, labeled, handled, stored, transmitted, retained, disposed, and audited23. Failing to comply with regulatory requirements can result in legal penalties, reputational damage, financial losses, or operational disruptions for the organization3. Therefore, regulatory requirements are the primary consideration when developing an information asset management program. The other options are not the primary consideration when developing an information asset management program, although they may be relevant or important factors. Operational requirements are the needs and expectations of the organization and its stakeholders for how information assets should support its business processes and objectives4. Industry best practice are the methods and techniques that have proven to be effective and efficient in managing information assets in a similar context or domain5. Cost benefit is the analysis of the advantages and disadvantages of investing in an information asset management program in terms of resources, time, and money6. These options are all secondary or subordinate to regulatory requirements, because they do not have the same legal or mandatory force. An organization can choose to adapt or modify its operational requirements, industry best practice, or cost benefit analysis based on its situation and preferences, but it cannot ignore or violate its regulatory requirements without consequences. References: * 1: https://www.cio.com/article/202183/what-is-data-governance-a-best-practices-framework-for-managing-d * 5: https://www.isaca.org/resources/isaca-journal/issues/2023/volume-2/what-is-best-practice-in-information-s * 4: https://www.gartner.com/en/information-technology/glossary/operational-requirements * 2: https://advisera.com/27001academy/blog/2014/05/12/information-classification-according-to-iso-27001/ * 3: https://www.csoonline.com/article/570281/csos-ultimate-guide-to-security-and-privacy-laws-regulations-a * 6: https://www.investopedia.com/terms/c/cost-benefitanalysis.asp
Question 20
An enterprise has made the strategic decision to begin a global expansion program which will require opening sales offices in countries across the world. Which of the following should be the FIRST consideration with regard to the IT service desk which will remain centralized? * The effect of regional differences On service delivery * Identification of IT service desk functions that can be outsourced
Correct Answer: A
The first consideration with regard to the IT service desk that will remain centralized is the effect of regional differences on service delivery. This is because regional differences can pose various challenges and opportunities for the IT service desk, such as: * Language and cultural barriers: The IT service desk staff should be able to communicate effectively and respectfully with customers from different countries and backgrounds, and understand their needs, preferences, and expectations. This may require hiring multilingual staff, providing language training, using translation tools, or outsourcing some services to local providers1. * Time zone differences: The IT service desk should be able to provide timely and consistent support to customers across different time zones, and avoid delays or disruptions in service delivery. This may require extending the service hours, implementing shift work, using automation tools, or outsourcing some services to local providers2. * Legal and regulatory differences: The IT service desk should be aware of and comply with the local laws and regulations that apply to the IT services they provide, such as data protection, privacy, security, taxation, and consumer rights. This may require conducting a risk assessment, obtaining legal advice, implementing policies and procedures, or outsourcing some services to local providers3. * Technical and operational differences: The IT service desk should be able to adapt to the technical and operational requirements and challenges of the different regions they serve, such as network connectivity, bandwidth, infrastructure, devices, software, standards, and best practices. This may require conducting a feasibility study, investing in technology upgrades, implementing quality assurance measures, or outsourcing some services to local providers4. The other options, identification of IT service desk functions that can be outsourced, enforcement of a standardized policy across all regions, and availability of adequate resources to provide support for new users are also important considerations for the IT service desk that will remain centralized, but they are not the first one. They are more related to the implementation and execution of the IT service desk strategy, rather than its design. They are also influenced by the regional differences factor, as they depend on the level of variation and complexity that the IT service desk faces in different regions. References := Five Ways to Provide a World Class Service Desk Experience, How to Run an IT Service Desk in a Hybrid or Remote World - Gartner, Best Practices for Building a Service Desk | Atlassian, The Top 18 Help Desk Metrics and Best Practices - HubSpot Blog
