tutorial answers
Complete the following list in the most likely order.
1. Corporate governance 2. IT governance 3. IT policy 4. Infosecurity governance
How many levels does COBIT goals cascade relate to each IT-related goal? What are they labeled as?
2 levels - primary (P) and secondary (S).
Which of the following should the chief information officer (CIO) create FIRST?
An IT strategy plan
What should a chief information officer (CIO) do FIRST to establish IT governance in an enterprise?
Establishing the desire to change
The MOST effective starting point to determine whether the IT strategic plan continues to support the enterprise's objects is to conduct interviews with:
Executive management
According to COBIT, culture, processes and people, when implemented and managed correctly, contribute to the successful implementation of GEIT. What are they?
GEIT enablers
InfoSecurity governance is sometimes criticized as too theoretical. Select those statements below that you agree with.
IS governance is necessary to ensure no redundant or irrelevant IS investments are made. The 'theoretical' portion is necessary to ensure that IS investments are properly identified and contribute towards a holistic approach to security.
Explain what happens when goals cascade in COBIT is used correctly.
IT goals are aligned with business goals.
IT governance is not necessarily a pre-requisite for corporate governance. True/False. Explain.
IT governance is not required in an enterprise that DOES NOT use IT strategically. For example, using it as a word processor ONLY. However, given today's environment, this is highly unlikely.
A senior executive made a comment that infosecurity governance is just a waste of money and it does not produce anything. Prepare a response to this comment.
Infosecurity governance creates value by enabling the business processes which depend on IT to function with a lower risk of being disrupted due to cyberattacks or intrusions. For this reason, the money spent on infosecurity governance is a necessary requisite to the continued functioning of the business processes that create value for the company.
The IT director decides that he will implement IT governance in his department, even though the company does not have a well-defined corporate governance practice.
No, it is not possible. This is because IT governance relies on corporate governance to develop the organizational objectives and to enable the highest level of decision-making body in the company to implement governance best practices in the company. Without that, IT governance alone is irrelevant and ineffective.
Which of the following has the GREATEST impact on the design of the IT governance framework?
Organizational structure and leadership
What are the 2 types of events that may trigger an enterprise to consider GEIT?
Pain points and trigger points
To BEST support the enterprise's business goals, the IT department should:
Respond to business requirements in alignment with the business strategy
A company realizes that the business environment that it is in has changed drastically. It puts all its effort in adapting its business process to address the change. As the employees are averse to change, only modifications to current processes are done, at all cost. What is the problem?
The company must realize that the creation of new processes and retirement of old ones may need to take place. It should garner the buy-in of its employees in this change exercise.
Given the nature of business (dynamic and fluid), what is the most difficult challenge in strategic management?
The most difficult challenge is to continually keep IT aligned with the changing business goals.
What is the main goal of strategic management in the context of governance of enterprise IT?
To ensure alignment between business goals and IT goals.
Which of the following should be performed FIRST when establishing an IT governance program in an enterprise?
Understanding the enterprise's mission, objectives, vision, values, culture and management style
For governance of enterprise IT to be successful, management and control of IT must be the responsibility of
both the business and IT functions.
Of the 6 key assets that need to be included in enterprise governance, which of them are most relevant to infosecurity governance?
IT and information
Effective governance of enterprise IT requires that
the enterprise strategy be an extension of the IT strategy.