Certified in the Governance of Enterprise IT (CGEIT) — Question 202

A major data leakage incident at an enterprise has resulted in a mandate to strengthen and enforce current data governance practices. Which of the following should be done FIRST to achieve this objective?

Answer options

Correct answer: B

Explanation

The first step in enhancing data governance after a breach is to assess data security controls (B) to identify vulnerabilities. This evaluation provides the necessary insights to understand where the weaknesses lie before taking further actions like reviewing logs, verifying ownership, or analyzing quality.