Newly Released Isaca CGEIT Exam PDF

The first step to address the risk of unauthorized disclosure of information is to establish a data classification policy. A data classification policy defines the categories of data based on their sensitivity and value to the organization, and specifies the appropriate security controls and handling procedures for each category. A data classification policy helps to identify the most critical and confidential data, and to prioritize the protection of such data from unauthorized access, disclosure, modification, or loss. A data classification policy also provides a basis for implementing other measures, such as data encryption tools, data loss prevention tools, and data retention policy, to enhance the security of data. References := Reducing Cybersecurity Security Risk From and to Third Parties; Unauthorized Access: Prevention Best Practices; Security of Enterprise Application Integration

Establishing a steering committee with business representation is the most important factor when an IT-enabled business initiative involves multiple business functions, because it ensures that the initiative is aligned with the strategic goals and needs of the organization, and that the different business functions have a voice and a stake in the decision-making process. A steering committee can also provide guidance, support, and oversight to the IT team and help resolve any conflicts or issues that may arise among the business functions. A steering committee can also monitor the progress and performance of the initiative and ensure that it delivers the expected benefits and value to the organization. References := What is an IT Steering Committee? – BMC Software | Blogs, Steering Committee: Definition, Roles & Meeting Tips - ProjectManager, How To Create an IT Steering Committee in 6 Steps - Indeed

 An architecture exception process is a mechanism to handle requests for deviations from the established IT architecture policies or standards. It allows the enterprise to evaluate the business case, risks, benefits, and alternatives of implementing a system that uses a technology that is not in line with its IT strategy. It also enables the enterprise to define the conditions, limitations, and timelines for granting or denying the exception. According to one of the web search results1, “requests for exceptions to any architectural policy or standard use this process” and “the decision may include a deadline for removing the need for the exception, constraints on future projects, or similar terms.” Addressing the situation as part of an architecture exception process is the best way to manage it within an IT governance framework, as it provides a structured andtransparent way to balance the business needs and the IT alignment. Updating the IT strategy to align with the new technology, initiating an operational change request, or rejecting based on non-alignment are not the best ways to manage the situation within an IT governance framework. They are more likely to be either too rigid or too reactive, and may not consider the trade-offs or implications of the decision..

 References:

CGEIT Review Manual 2021, Chapter 1: Governance of Enterprise IT, Section 1.4: Value Delivery, page 231

CGEIT Review Questions, Answers & Explanations Manual 2021, Question 9, page 82

A Matrixed Approach to Designing IT Governance - MIT Sloan Management Review3

Enterprise Architecture Governance | The Definitive Guide - LeanIX4

Architecture Review Board Exception Process - Minnesota’s State Portal5

 Ensuring that the system is maintained in compliance with enterprise architecture (EA) standards is the most effective way to prevent an IT system from becoming technologically obsolete before its planned return on investment (ROI), because it ensures that the system is aligned with the current and future business needs, goals, and strategies of the organization. Enterprise architecture (EA) standards define the principles, guidelines, and best practices for designing, developing, and managing IT systems in a consistent, coherent, and integrated manner across the organization. By following EA standards, IT leaders can ensure that the system is compatible with the existing and emerging technologies, platforms, and frameworks that support the business processes and functions. EA standards also help IT leaders to monitor and evaluate the performance, quality, security, and reliability of the system, and to identify and address anygaps, issues, or risks that may affect its functionality or value. EA standards also facilitate the communication and collaboration among different stakeholders involved in the system lifecycle, such as business users, IT staff, vendors, and auditors. By maintaining the system in compliance with EA standards, IT leaders can ensure that the system delivers the expected benefits and value to the organization and achieves its planned ROI. References := ISO/IEC/IEEE 42020:2019(en), Software, systems and enterprise ? Architecture processes, Sample: Enterprise Architecture Standards - CIO Portal, Obsolescence management for IT leaders - Information Age