Certified in the Governance of Enterprise IT (CGEIT) — Question 49

An enterprise has a zero-tolerance policy regarding security. This policy is causing a large number of email attachments to be blocked and is a disruption to the enterprise. Which of the following should be the FIRST governance step to address this email issue?

Answer options

• A. Obtain senior management input based on identified risk.
• B. Direct the development of an email usage policy.
• C. Recommend business sign-off on the zero-tolerance policy.
• D. Introduce an exception process.

Correct answer: B

Explanation

The correct answer is B because developing an email usage policy can provide clear guidelines and address the issues caused by the zero-tolerance policy. Options A, C, and D may provide valuable input or processes, but they do not directly address the immediate need for a structured email usage policy to mitigate disruptions.