Certified in the Governance of Enterprise IT (CGEIT) — Question 333

An analysis of an organization's security breach is complete. The results indicate that the quality of the code used for updates to its primary customer-facing software has been declining and security flaws were introduced. The FIRST IT governance action to correct this problem should be to review:

Answer options

• A. the incident response plan.
• B. the change management control framework.
• C. compliance with the user testing process.
• D. the qualifications of developers to write secure code.

Correct answer: A

Explanation

The correct answer is A because reviewing the incident response plan is crucial to understand how the breach occurred and to prevent similar incidents in the future. The other options, while important, do not directly address the immediate need to analyze and refine the response to the breach itself.