Certified in the Governance of Enterprise IT (CGEIT) — Question 7

A company is considering selling products online, and the CIO has been asked to advise the board of directors of potential problems with this strategy. Which of the following would be the CIO's BEST course of action?

Answer options

• A. Perform a risk assessment.
• B. Review the security framework.
• C. Conduct a return on investment analysis.
• D. Review the enterprise architecture.

Correct answer: B

Explanation

The best course of action for the CIO is to review the security framework, as this will identify potential vulnerabilities and ensure that the online selling strategy is secure. Performing a risk assessment (A) is important but secondary to understanding existing security measures. Conducting a return on investment analysis (C) and reviewing the enterprise architecture (D) are also relevant, but they do not directly address immediate security concerns.