Certified in the Governance of Enterprise IT (CGEIT) — Question 60

An IT steering committee wants the enterprise's mobile workforce to use cloud-based file storage to save non-sensitive corporate data, removing the need for remote access to that information. Before this change is implemented, what should be included in the data management policy?

Answer options

• A. A process for blocking access to cloud-based apps if inappropriate content is discovered
• B. A requirement to scan approved cloud-based apps for inappropriate content
• C. A mandate for periodic employee training on how to classify corporate data files
• D. A mandate for the encryption of all corporate data files at rest that contain sensitive data

Correct answer: C

Explanation

The correct answer, C, emphasizes the importance of training employees on data classification, ensuring that they understand how to handle corporate data appropriately. Options A and B focus on managing inappropriate content, which is less relevant for non-sensitive data, and option D pertains to sensitive data encryption, which is not the main concern for the cloud storage of non-sensitive information.