Certified in the Governance of Enterprise IT (CGEIT) — Question 65
In an effort to reduce operational costs, an enterprise is switching from all internally-hosted applications to a mixture of internally- and externally-hosted applications.
Of the following, the risk appetite for this decision would BEST be defined by the:
Answer options
- A. vendor oversight committee.
- B. board of directors.
- C. chief information security officer.
- D. chief information officer.
Correct answer: C
Explanation
The chief information security officer (CISO) is responsible for overseeing the organization's security posture, including the risks associated with hosting applications externally. While the board of directors and the chief information officer may have input, the CISO is specifically tasked with evaluating and defining the risk appetite in relation to security concerns, making them the most relevant choice. The vendor oversight committee typically focuses on vendor management rather than risk appetite.