MIS-450 Final

Which one of the following COBIT resources is one that we cover in our MIS 450 course? A. COBIT 2019 Design Guide: Designing an Information and Technology Governance Solution B. COBIT 2019 Implementation Guide: Implementing and Optimizing an Information and Technology Governance Solution C. COBIT 2019 Framework: Governance and Management Objectives D. COBIT 2019 Framework: Introduction and Methodology

COBIT 2019 Framework: Introduction and Methodology

Which one of the following is WRONG about COBIT as an I&T governance framework? A. From its foundation in the IT audit community, COBIT has developed into a broader and more comprehensive I&T governance and management framework B. COBIT is a framework for the governance and management of enterprise information and technology, aimed at the whole enterprise C. COBIT defines all the components that describe which IT-related decisions should be taken, and how and by whom they should be taken D. COBIT is a full description of the whole IT environment of an enterprise

COBIT is a full description of the whole IT environment of an enterprise

Which one of the following demonstrates the correct order of steps in the risk management framework according to the textbook? A. Categorize information system Authorize information system Select security controls Implement security controls B. Identify information systems Assess security controls and select them Authorize information system Monitor security controls C. Categorize information system Select, implement, and assess security controls Authorize information system Monitor security controls D. Categorize information system Assess security controls Monitor security controls Authorize information system

Categorize information system Select, implement, and assess security controls Authorize information system Monitor security controls

A ___________ is responsible for developing and implementing an information security program whereas a ___________ is responsible for the overall corporate security of the organization. A. Chief Compliance Officer Chief Financial Officer B. Chief Privacy Officer Chief Risk Officer C. Chief Technology Security Officer Chief Operations Officer D. Chief Information Security Officer Chief Security Officer

Chief Information Security Officer Chief Security Officer

Which of the following options cannot be considered as a way to handle shadow IT? A. Choosing not to address shadow IT through governance or management strategies. B. Tightly controlling data access and assessing what can be done with it. C. Defining clear accountabilities for both business and IT. D. Assigning IT resources to help shadow IT projects work within IT guidelines, standards, and policies.

Choosing not to address shadow IT through governance or management strategies.

Which one of the following IT works would be more appropriate for partner staff rather than full-time employees and contingent workers? A. Cloud services B. Strategic visioning C. Project management D. Hot skills needed immediately

Cloud services

___________ lay(s) out the framework for how a company will operate, including the roles and responsibilities of different stakeholders. ___________ is/are the specific plans and actions that a company will take to achieve its goals and objectives. A. Corporate governance / Strategies B. Mission / Vision C. Organizational goals / Key performance indicators D. Business value / Corporate guidelines

Corporate governance / Strategies

___________ is a type of risk that arises from the use of technology and technical infrastructure in an organization. A. Cyber risk B. Enterprise risk C. Cybersecurity risk D. Information security risk

Cyber risk

Which of the following best describes the difference between cyber risk and information security risk? A. Cyber risk refers to the potential for a data breach, while information security risk refers to unauthorized access to physical documents. B. Information security risk focuses on the vulnerability of software and systems, while cyber risk deals with external threats to an organization's infrastructure. C. Cyber risk is limited to risks associated with the internet, while information security risk refers to both digital and physical data protection. D. Cyber risk refers to the overall potential of an organization being impacted by cyber threats, while information security risk is the likelihood of unauthorized access, use, disclosure, disruption, modification, or destruction of information.

Cyber risk refers to the overall potential of an organization being impacted by cyber threats, while information security risk is the likelihood of unauthorized access, use, disclosure, disruption, modification, or destruction of information.

What is one way that IT organizations can respond to disruptions? A. Ignoring emerging trends and technologies in favor of established practices B. Focusing on maintaining existing capabilities rather than developing new ones C. Implementing new methodologies like Agile and DevOps D. Prioritizing long-term planning over short-term experimentation

Implementing new methodologies like Agile and DevOps

Which one of the following is NOT a reason for the growth of shadow IT? A. Increasing IT security B. Lower perceived cost C. Pressures of digital transformation D. The consumerization of business applications

Increasing IT security

Choose the phrase that best completes this sentence: ___________ is the single largest category of U.S. capital investment. A. Business Analytics B. Information Technology (IT) C. Software D. Marketing

Information Technology (IT)

___________ is the practice of preventing unauthorized access, use, disclosure, disruption, and modification, inspection, recoding, or destruction of information. A. Enterprise security B. Cybersecurity C. Network security D. Information security

Information security

An employee accidentally shares sensitive company information in an email sent to the wrong recipient. This situation is an example of which type of risk? A. Privacy risk B. Operational risk C. Information security risk D. Compliance risk

Information security risk

Choose the phrase that best completes this sentence: IT strategy is mainly about getting the balance right between ___________ strategic imperatives. A. business B. complementary C. organizational D. conflicting E. emerging

conflicting

Independent contractors, freelancers, and consultants are examples of _____________ labor. A. contingent B. project C. hybrid D. flexible

contingent

Keeping agreements and acting with integrity, honesty, and openness are essential for maintaining ___________. A. relationships. B. contracts. C. partnerships. D. credibility.

credibility.

Often _________ is the result of a combination of the new capabilities offered by a technology, complementary products and services that build on that technology, and changes in the expectations of and behaviors in a culture, market, or process as a result. A. disruption B. change C. interruption D. innovation

disruption

Most formal IT plans could not support enterprise strategy because it was too focused on ______________ issues. A. strategic B. logistic C. executive D. tactical E. business

tactical

Which of the following is an element of a digital strategy? A. Creating a data governance framework B. Developing a disaster recovery plan for IT infrastructure C. Building a data warehouse D. Implementing a customer relationship management (CRM) system

Implementing a customer relationship management (CRM) system

Which one of the following can be considered the best way to develop new IT capabilities in organizations? A. Business and IT strategies co-evolve together with a constant interaction between both parties. B. IT leads the business strategy. C. A third party intermediates between business and IT. D. Business and IT, together, lead strategies simultaneously. E. Business leads the IT strategy.

Business and IT strategies co-evolve together with a constant interaction between both parties.

Which one of the following is NOT an organization level where governance operates? A. Product B. Local C. Enterprise IT D. Board

Product

According to McKinsey's 2016 Survey "Partnering to shape the future-IT's new imperative", match the concepts with their corresponding definitions related to IT and business relationships: 1. Partner 2. Consultant 3. Supplier A) IT is treated and managed by business as a supplier of technology services. B) IT actively collaborates with business to shape overall strategy, which proactively leverages technology. C) IT provides input on plans for business, as part of regular discussions on supporting business objectives through technology. A. 1 - C 2 - A 3 - B B. 1 - B 2 - C 3 - A C. 1 - A 2 - C 3 - B D. 1 - A 2 - B 3 - C

1 - B 2 - C 3 - A

According to COBIT 2019 Framework, __________ is/are composed of seven components that are processes, organizational structures, principles, policies and frameworks, information, culture, ethics and behavior, people, skills and competencies, and services, infrastructure, and applications. A. Compliance requirements obsolescence B. COBIT design factors C. IT implementation methods D. A governance system

A governance system

Enterprise governance of information and technology (EGIT) is an integral part of corporate governance. Which one of the following is NOT true regarding EGIT? A. EGIT enables both business and IT people in organizations to execute responsibilities in support of business/IT alignment and the creation of business value from I&T-enabled business investments. B. A governing board in an organization such as a board of directors can implement and maintain effective EGIT without tailoring EGIT measures and implementation to their own specific context and needs. C. EGIT is concerned with value delivery from digital transformation and the mitigation of business risk that results from digital transformation. D. Governing boards (board of directors) oversee the definition and implementation of processes, structures, and relational mechanisms in the organizations.

A governing board in an organization such as a board of directors can implement and maintain effective EGIT without tailoring EGIT measures and implementation to their own specific context and needs.

What is the Gartner hype cycle? A. A model for predicting consumer behavior B. A graph that shows the evolution of a technology's maturity and adoption over time C. A process for developing new technologies D. A framework for managing customer relationships

A graph that shows the evolution of a technology's maturity and adoption over time

When business units purchase and implement technology without any inputs from the IT unit, it is called ___________. A. Shadow IT B. Business Design C. Cloud Computing D. Autonomous Problem Solving

A. Shadow IT

An information item can be assessed by considering the extent to which the relevant quality criteria, as defined in information Reference Model. Information quality criteria are evaluated in three categories: (1) Intrinsic, (2) Contextual, and (3) Security/Privacy/Accessibility. Which one of the following provides the correct definitions of each concept under Intrinsic? A. Accuracy: The extent to which information is correct and reliable Objectivity: The extent to which information is unbiased, unprejudiced and impartial Believability: The extent to which information is regarded as true and credible Reputation: The extent to which information is highly regarded in terms of its source or content B. Concise Representation: The extent to which information is compactly represented Consistent Representation: The extent to which information is presented in the same format Interpretability: The extent to which information is in appropriate languages, symbols and units, and the definitions are clear Understandability: The extent to which information is easily comprehended C. Ease of Manipulation: The extent to which information is easy to manipulate and apply to different tasks Availability: The extent to which information is available when required, or easily and quickly retrievable Restricted Access: The extents to which access to information is restricted appropriately to authorized parties D. Relevancy: The extent to which information is applicable and helpful for the task at hand Completeness: The extent to which information is not missing and is of sufficient depth and breadth for the task at hand Currency: The extent to which information is sufficiently up to date for the task at hand Appropriate Amount: The extent to which the volume of information is appropriate for the task at hand

Accuracy: The extent to which information is correct and reliable Objectivity: The extent to which information is unbiased, unprejudiced and impartial Believability: The extent to which information is regarded as true and credible Reputation: The extent to which information is highly regarded in terms of its source or content

Which one of the following organizational activities can b considered not closely related to information security? A. Advertising B. Human resources C. Legal D. Internal audit

Advertising

IT governance helps __________ an organization's governance structure for innovation and strategic projects with its structure for execution and operations governance. A. Market B. Align C. Unify D. Integrate

Align

____________ is/are responsible for ensuring that value is realized from IT investments. A. All of the four options are correct. B. IT staff C. Managers D. IT leaders E. None of the four options are correct. F. Executive leaders

All of the four options are correct.

Which one of the following is a factor driving the need for a data strategy? A. New analytical tools B. All of the options C. New types of data D. New risk and compliance concerns

All of the options

Which one of the following is NOT a governance system principle? A. Provide stakeholder value B. Based on conceptual model C. Tailored to enterprise needs D. Governance distinct from management

Based on conceptual model

According to COBIT 2019 Framework, Enterprise Governance of IT (EGIT) has three main outcomes that are expected after the successful adoption of EGIT. Which one of the following options provide these three main outcomes? A. Technology innovation, cybersecurity, and strategic alignment B. Benefits realization, risk optimization, and resource optimization C. Process improvement, cost reduction, and customer satisfaction D. Regulatory compliance, employee engagement, and brand reputation

Benefits realization, risk optimization, and resource optimization

At which level of governance should senior leadership be involved? A. Board governance B. Enterprise IT governance C. Business unit governance D. Local governance

Board governance

The __________ is a structured approach to evaluating potential IT investments and determining whether they are aligned with the organization's overall business objectives. It involves defining the problem or opportunity that the IT investment is intended to address, conducting a feasibility analysis, and developing a cost benefit analysis that compares the expected benefits of the investment with its expected costs. A. IT risk management process B. IT audit process C. IT project management process D. Business case process

Business case process

Choose the phrase that best completes this sentence. The __________ is vital for the development and implementation of a digital strategy because they can challenge business leaders. A. None of the options B. CIO C. CEO D. CTO

CIO

Which one of the following cannot be considered a primary objective of a talent management strategy? A. IT employee development and retention B. Strategic vision alignment C. Strategic workforce planning D. Branding and talent acquisition

Strategic vision alignment

Which option below can NOT be indicated regarding IT governance? A. IT governance specifies who makes decisions about the IT function and its work, and who is accountable for these B. IT governance regulates how decisions should be made, implemented, and managed C. IT governance determines how disputes should be settled D. IT governance specifies what specific decisions are made and how teams and groups are organized and led

IT governance specifies what specific decisions are made and how teams and groups are organized and led

Choose the phrase that best completes this sentence. __________ strategy is a plan of what an organization wants to accomplish with data and how it proposes to derive business value from it. A. IT B. Business C. Alignment D. Data

Data

Choose the phrase that best completes this sentence: __________ can provide the necessary direction to both IT and business regarding data strategy and its implementation. A. Administrative support B. Knowledge management systems C. Data governance councils D. Decision support systems

Data governance councils

According to COBIT 2019 Framework, __________ are factors that can influence the design of an enterprise's governance system and position it for success in the use of I&T. Some of these factors are enterprise strategy, risk profile, I&T-related issues, compliance requirements, and the role of IT. A. Risk factors B. IT governance factors C. Design factors D. Implementation factors

Design factors

Which one of the following can be considered a strategic goal? A. Develop and offer new digital products in 3 years. B. Increase the number of salespeople from 8 to 12 people in 6 months. C. Reduce average customer service time from half an hour to 25 minutes in 9 months. D. Increase the customer satisfaction by 10% in 3 months.

Develop and offer new digital products in 3 years.

There are risks for a company when they employ contingent workers and partner staff. Which one of the following CAN NOT be considered a risk due to employing contingent workers? A. Increased likelihood of failure B. Easier to release these employees if they are not needed or if they don't work out. C. Loss of knowledge, trade secrets, and intellectual property in the longer-term D. Fragmented policies, practices, and governance

Easier to release these employees if they are not needed or if they don't work out.

Which one of the following is NOT a practice that assists in focusing on the development and implementation of a digital strategy? A. Establish a business-first structure B. Seek broad community engagement C. Communicate constantly D. Consider the CIO's role

Establish a business-first structure

Which one of the following is NOT considered a key principle of a cyber risk management framework? A. Cross-functional representation B. Establishing risk tolerance C. Governance D. Business risk focus

Establishing risk tolerance

Which one of the following is NOT a management objective? A. Evaluate, Direct and Monitor (EDM) addresses performance monitoring and conformance of I&T with internal performance targets, internal control objectives and external requirements B. Build, Acquire and Implement (BAI) treats the definition, acquisition and implementation of I&T solutions and their integration in business processes C. Align, Plan and Organize (APO) addresses the overall organization, strategy and supporting activities for I&T D. Deliver, Service and Support (DSS) addresses the operational delivery and support of I&T services, including security

Evaluate, Direct and Monitor (EDM) addresses performance monitoring and conformance of I&T with internal performance targets, internal control objectives and external requirements

COBIT 2019 Framework uses four dimensions (financial, customer, internal, and growth) to measure how well an organization achieves its goals, and specific metrics are used for each dimension to assess the organization's performance in that area. In which dimension are the metrics below considered? - Percent of products and services that meet or exceed targets in revenues and/or market share - Cost of regulatory noncompliance, including settlements and fines A. Growth B. Internal C. Financial D. Customer

Financial

Which one of the following provides the explanation of the difference between governance and strategy? A. Governance and strategy are essentially the same thing, with governance being a broader term that includes strategic decision-making B. Governance refers to the overall framework and processes for decision-making and accountability within an organization, while strategy refers to the specific plans and actions taken to achieve organizational goals C. Governance is concerned with the day-to-day operations of an organization, while strategy is focused on long-term planning and direction D. Governance and strategy are both important aspects of organizational management, but they are completely separate and unrelated concepts

Governance refers to the overall framework and processes for decision-making and accountability within an organization, while strategy refers to the specific plans and actions taken to achieve organizational goals

What is the first step a company should take when identifying an emerging technology (ET) for potential use in their industry? A. Identify relevant ETs B. Connect ETs with business needs C. Implement ETs at the right time D. Assess business and technical potential

Identify relevant ETs

Which one of the following statements is related to digital strategy? A. It ensures that the organization's data is accurate, complete, and available for use in making informed decisions. B. It aims to create a seamless digital experience for customers and improve the overall customer experience. C. It focuses on using technology to enable business goals and objectives. D. It involves developing a plan for how technology will be used to support the organization's overall strategy.

It aims to create a seamless digital experience for customers and improve the overall customer experience.

Which of the following is a benefit of shadow IT? A. It brings customer requirements front and center. B. It reduces inefficiencies in technology procurement. C. It increases IT security by adding complexity to the IT architecture. D. It eliminates the hidden costs incurred.

It brings customer requirements front and center.

What is one way that organizational inertia can impact a business in the face of disruption? A. It can help the business respond more quickly to changes. B. It can result in the business identifying emerging needs of new customer segments. C. It can result in the business prioritizing long-term investments over short-term gains. D. It can make it difficult for the business to adapt to new technologies or customer demands.

It can make it difficult for the business to adapt to new technologies or customer demands.

Which option best describes the process of how a data strategy is developed? A. It should be developed in isolation from business and technology strategies B. It should be aligned with business and technology strategies and open to external competitive forces and new possibilities created by new technologies and new types of data C. It should stress tailoring a company's activities to address its chosen position in the marketplace D. It should focus solely on developing new capabilities

It should be aligned with business and technology strategies and open to external competitive forces and new possibilities created by new technologies and new types of data

Which one of the following CANNOT be considered a reason for organizations to resolve the IT talent management crisis? A. Limited pool of qualified people B. Capabilities to attract and acquire qualified people C. Lack of talent management innovation D. IT leadership's lack of diversity

Limited pool of qualified people

Which one of the following elements can be excluded from a digital strategy, but can be included in an IT strategy? A. Corporate social responsibility initiatives and sustainability programs B. Managing relationships with IT vendors and evaluating their products and services C. Online marketing campaigns and advertising D. Search engine optimization (SEO)

Managing relationships with IT vendors and evaluating their products and services

Which one of the following is NOT considered an intangible benefit? A. Brand recognition B. Trademarks C. Market share D. Customer satisfaction

Market share

Which one of the following options is NOT true about the appropriate use of metrics to tell the IT value story? A. A good metric is understandable by a non-IT audience. B. A good metric should be a leading indicator of change. C. A good metric has a clear link to a business outcome. D. A good metric is straightforward when outcomes are clearly defined at the outset of an initiative. E. None of the four options.

None of the four options.

Which one of the following is NOT a part of a company's data ecosystem? A. Operations management B. Business strategy C. Technology strategy D. Data architecture

Operations management

When creating a digital strategy, the most significant risk a multichannel business faces is: A. Value proposition B. Obsolescence C. Cannibalization D. Organizational silos

Organizational silos

Aligning IT initiatives with the business strategic vision usually involves different types of initiatives which are generally implemented as projects. Which project type would be the easiest one for the stakeholders to agree on? A. Projects that extend or transform how a company does business. B. Projects that help organizations streamline their processes and save substantial amounts of money. C. Small-scale, experimental initiatives designed to test the viability of new concepts or technologies. D. Projects that operationalize, scale up, or leverage successful experiments or prototypes.

Projects that help organizations streamline their processes and save substantial amounts of money.

Which one of the following is NOT a component of managing emerging technologies? A. Identification B. Connection with real business needs and opportunities C. Assessment for business and technical potential D. Rapid implementation across the organization

Rapid implementation across the organization

There are challenges for CIOs while articulating IT strategy and linking it more effectively with business strategy. According to the textbook, which one of the following CANNOT be considered a barrier to effective IT strategy? A. Poorly integrated processes for developing IT and business strategies B. Traditional budget cycles C. Rapidly changing technology D. Unbalanced strategic and tactical initiatives E. Lack of a governance structure for enterprise-wide projects

Rapidly changing technology

Which one of the following is NOT considered an advantage for using contingent staff to access specialized skills? A. Receiving benefits such as health care, vacations, and pension contributions B. Focusing on competency gaps C. Focusing on strategic projects D. Releasing employees to add the most value

Receiving benefits such as health care, vacations, and pension contributions

According to COBIT 2019 Framework, IT cost and oversight, enterprise/IT architecture, unauthorized actions, software failures, geopolitical issues, acts of nature, and logical attacks (hacking, malware, etc.) are categories evaluated within __________. A. Compliance requirements design factor B. Risk profile design factor C. Enterprise strategy design factor D. IT implementation methods design factor

Risk profile design factor

IT architects are responsible for designing and implementing the organization's IT systems and infrastructure. They work closely with product owners and other stakeholders. They ensure that systems are designed in a way that meets business requirements and supports the organization's overall goals. The statements explain the job of IT architects. In what part of IT governance do these statements fit? A. Guidelines B. Best practices C. Processes D. Roles

Roles

As an element of IT governance, __________ refer to policies, compliance, technical standards, mandates, and other enforceable business rules. A. Processes B. Principles C. Rules D. Roles

Rules

Small and medium enterprises have less staff, fewer IT resources, and shorter and more direct reporting lines, and differ in many more aspects from large enterprises. For that reason, their governance system for I&T will have to be less onerous, compared to large enterprises. This is described in the __________ focus area guidance of COBIT. A. SME B. Digital transformation C. Risk D. DevOps

SME

In successful IT-business partnerships, which of the following features is crucial for setting the tone and direction for the partnerships? A. A Collaborative Mind-Set B. Senior Management C. Individual Relationships D. Serendipity: Sharing ideas with the right person at the right time, leading to creative solutions through chance encounters.

Senior Management

Which one of the following is considered IT's concern about shadow IT? A. Shadow IT adds value and encourages innovation in the business units. B. Shadow IT can create prototypes for future, approved IT solutions. C. Shadow IT reduces IT workloads by identifying business requirements for IT D. Shadow IT introduces significant security, privacy, and compliance risks to the organization.

Shadow IT introduces significant security, privacy, and compliance risks to the organization.

COBIT Goals Cascade starts with __________. A. Stakeholder drivers and needs B. Enterprise goals C. Governance and management objectives D. Alignment goals

Stakeholder drivers and needs

Choose the phrase that best completes this sentence: ______________ can ensure that business and IT strategies work well together. A. None of them B. Strategy seminars C. Strategic principles D. Strategic goals E. Strategic alignment

Strategic alignment

Which one of the following is NOT an example of structured data? A. Web page table B. Spreadsheet C. Twitter tweets D. Database record

Twitter tweets

Which one of the following is NOT a part of the hierarchy of business needs of IT to deliver real business value? A. Relationship B. Competence C. Credibility D. Technical capability

Technical capability

Which one of the following is challenging for information security teams in an organization regarding authentication? A. The issues in accessing and using data, and the lack of distinguishing between viewing and using data made authentication a more serious problem. B. Physical access and how the physical office space security is handled made authentication a more serious problem. C. Access controls have been embedded in different systems which made authentication a more serious problem. D. The introduction of mobility, multiple access devices, and the increasing number of external partners in organizations made authentication a more serious problem.

The introduction of mobility, multiple access devices, and the increasing number of external partners in organizations made authentication a more serious problem.

What is the "trough of disillusionment" in the Gartner hype cycle? A. The stage where a technology reaches its peak of inflated expectations B. The stage where a technology is first introduced to the market C. The stage where a technology becomes widely adopted and integrated into society D. The stage where a technology experiences a sharp drop in interest and investment

The stage where a technology experiences a sharp drop in interest and investment

Which one of the following should NOT be used in a convincing IT value business narrative? A. The story should be framed around business terms and language. B. The story should be tailored for each stakeholder group. C. The story should always be built from the technology perspective. D. The story should explain the why, what, and how of the work.

The story should always be built from the technology perspective.

Select the items below that should NOT be used in a convincing IT value business narrative. A. The story should be framed around business terms and language. B. The story should be about technology. C. Explain the why, what, and how of the work. D. The story should be tailored for each stakeholder group. E. The story should always be built from the technology (bottom-up).

The story should be about technology. The story should always be built from the technology (bottom-up).

Why is cyber risk management becoming more challenging for organizations? A. Cyber risk management only involves prevention. B. Information security is becoming less important thanks to the new tools to tackle the risks. C. Organizations are becoming less dependent on technology with novel artificial intelligence tools. D. There are new risks associated with technology that are not yet well understood.

There are new risks associated with technology that are not yet well understood.

In the context of the Ideal IT-Business Partnership, which of the following is a key characteristic? A. Input from IT is not actively solicited for strategic decisions. B. There is trust between IT and business units. C. IT has to keep proving itself. D. Business expectations of IT change continually.

There is trust between IT and business units.

What is one reason why established businesses fail with disruption? A. They become too comfortable in their current market position. B. They have a streamlined decision-making process. C. They allocate resources efficiently. D. They have a focus on emerging customer needs.

They become too comfortable in their current market position.

Choose the phrase below that best completes this sentence: ___________ is essential for both superior performance and for developing the collaborative relationships that lead to success. A. Trust B. Competence C. Partnering D. Collaboration

Trust

COBIT 2019 Framework outlines a four-step process for designing an effective governance system. Which of the following options provides the correct sequence of these four steps? A. Understand the enterprise context and strategy Determine the initial scope of the governance system Refine the scope of the governance system design Conclude the governance system design B. Understand the enterprise context and strategy Develop the IT strategy Align the IT strategy with IT governance Refine the scope of the governance system C. Define governance objectives Establish governance structure Identify governance components Monitor and review governance performance D. Establish governance structure Refine the scope of the governance system Identify governance components Monitor and review governance performance

Understand the enterprise context and strategy Determine the initial scope of the governance system Refine the scope of the governance system design Conclude the governance system design

Which one of the following is a wrong match for information security improvement practices? A. Partnering: Adopt a multi-disciplinary, multi-stakeholder approach for all security issues. B. Understanding Trade-offs: Contextual analysis of the nature and severity of risk from various perspectives. C. Using prototypes or Agile development: They help develop and co-evolve security practices with a diverse array of stakeholders more effectively. D. Building Layers: Simplify security by taking access and authentication management out of systems.

Using prototypes or Agile development: They help develop and co-evolve security practices with a diverse array of stakeholders more effectively.

Regardless of the type of worker, IT leaders need to manage them effectively to drive performance and ensure high standards. Which one of the following cannot be considered an effective way of dealing with the negative consequences of working with different types of IT workers? A. Utilizing only full-time employees for all the IT works B. Treating everyone as part of the team C. Developing face-to-face relationships D. Providing leadership for staffing issues

Utilizing only full-time employees for all the IT works

___________ is the worth, importance, or usefulness of something to a stakeholder within a context. A. Change B. Solution C. Value D. Need

Value

Choose the phrase below that best completes this sentence: Risk ___________ is the level of risk acceptable in certain areas. A. likelihood B. analysis C. impact D. appetite

appetite

The cost of a contingent and partner worker is lower because they do not receive __________ from the hiring company most of the time. Besides, their __________ is less as companies can bypass some processes such as onboarding and performance reviews.

benefits; administration time

COBIT, ITIL, ISO 27001, and NIST Cybersecurity Framework are __________ that are crucial in developing an effective IT governance for an organization. A. best practices B. legal requirements C. IT product vendors D. financial regulations

best practices

If the democratization of IT is a natural evolution; Shadow-IT can be called ___________. A. agile development. B. localized development. C. staff development. D. citizen development.

citizen development.

Choose the word below that best completes this sentence: Hazards such as disasters, pandemics, and geopolitical upheavals are examples of the source for ___________ risks. A. external B. internal C. acceptable D. avoided

external