Isaca Updated CGEIT Exam Questions and Answers by lilia

Identifying gaps in information asset protection should be the first high-level initiative for a newly created IT strategy committee in order to support the business goal of making IT security a priority. This initiative would help to assess the current state of IT security, identify the risks and vulnerabilities that may compromise the confidentiality, integrity, and availability of information assets, and determine the actions and resources needed to address them. The other options are not as high-level, as they are more related to the implementation or execution of IT security, rather than the planning or direction of it. References: : CGEIT Review Manual (Digital Version), Chapter 1: Governance of Enterprise IT, Section 1.3: Strategic Management, Subsection 1.3.2: Strategic Management Process, Page 23 : CGEIT Review Manual (Digital Version), Chapter 4: Risk Optimization, Section 4.3: IT Risk Management, Subsection 4.3.2: IT Risk Management Process, Page 156 : CGEIT Review Manual (Digital Version), Chapter 5: Resource Optimization, Section 5.3: Security Resource Management, Subsection 5.3.1: Security Resource Management Overview, Page 192 : What is CGEIT? A certification for seasoned IT governance professionals1

A business impact analysis (BIA) is a process of predicting the organizational and financial impact of business disruptions, such as vendor system failures. A BIA can help the CIO to prepare for this concern by identifying the critical business processes, the potential effects of disruption, and the recovery requirements and strategies. A BIA can also help the CIO to prioritize the resources and actions needed to restore the normal operations as quickly as possible1. A BIA is an essential component of business continuity planning (BCP) and disaster recovery planning (DRP)2.

An IT balanced scorecard is a tool that measures and monitors the performance of IT in relation to the strategic goals and objectives of the organization. An IT balanced scorecard can help the CIO to evaluate the effectiveness and efficiency of IT, but it does not address the impact of business disruptions or the recovery plans.

Service-level metrics are indicators that measure and report the quality and availability of IT services delivered to the customers or users. Service-level metrics can help the CIO to track and improve the service delivery, but they do not assess the impact of business disruptions or the recovery plans.

An IT procurement policy is a document that defines the rules and procedures for acquiring IT products and services from external vendors. An IT procurement policy can help the CIO to manage the vendor relationships, contracts, and risks, but it does not analyze the impact of business disruptions or the recovery plans. References: How To Conduct Business Impact Analysis in 8 Easy Steps. The Top 10 Vendor Risks & How to Manage Them. What is FMEA? Failure Mode & Effects Analysis. Definition of Business Impact Analysis (BIA). [IT Balanced Scorecard: Definition, Frameworks, Examples]. [Service Level Metrics: Definition, Types, Examples]. [IT Procurement Policy: Definition, Components, Examples].

IT principles and policies are the documents that best reflect the ethical values adopted by an IT organization. IT principles are the high-level statements that express the fundamental beliefs and values of the organization regarding the use and management of IT. IT policies are the specific rules and guidelines that implement the IT principles and ensure compliance with ethical standards and regulations. IT principles and policies help to align IT with business objectives, foster a culture of trust and responsibility, and promote good governance practices. References := CGEIT Exam Content Outline, Domain 1: Governance of Enterprise IT, Subtopic A: Governance Framework, Task 2: Ensure that a framework is in place to support the alignment of IT with enterprise objectives, enabling value creation. Ethics for IT Professionals/ProfessionalCode of Ethics, Ethical Code section. Values and Ethics in Information Systems, Introduction section. Purpose, Ethical Values, Culture and Behaviours, Ethical Values section.

The best way to ensure the continued usefulness of IT governance reports for stakeholders is to establish a standard process for providing feedback. This means that the organization should define and communicate the purpose, scope, format, frequency, and distribution of the IT governance reports, and solicit input from the stakeholders on how well the reports meet their information needs and expectations. The feedback process should also include mechanisms for collecting, analyzing, and acting on the feedback, as well as reporting back to the stakeholders on the changes made or planned. This will help to ensure that the IT governance reports are relevant, accurate, timely, and consistent, and that they support the decision-making and accountability of the stakeholders