Certified in the Governance of Enterprise IT (CGEIT) — Question 281

A hospital's executive steering committee is concerned about the increasing number of cyber attacks on patient data systems across the industry. The committee has asked the CIO to provide regular reporting with information that will help provide better oversight of cyber-related risk to the hospital. Including which of the following in the report would be MOST helpful to the committee?

Answer options

• A. Status of key risk indicators
• B. Current business impact levels
• C. IT operations gap assessment
• D. Cybersecurity risk benchmarks

Correct answer: B

Explanation

Including current business impact levels in the report is crucial as it directly reflects how cyber incidents could affect the hospital's operations and patient care. While the status of key risk indicators and IT operations gap assessments provide valuable insights, they do not offer the same immediate understanding of the potential consequences on the business. Cybersecurity risk benchmarks are useful for comparison but do not specifically address the hospital's unique impact from cyber risks.