ExamGecko
Search Search Login
Home Home / Isaca / CGEIT
Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Results of an enterprise's customer survey indicate customers prefer using mobile applications. However, this same survey shows the enterprise's mobile applications are considered inferior compared to legacy browser-based applications. Which of the following should be the FIRST step in creating an effective long-term mobile application strategy?
Which of the following is the MOST important consideration when integrating a new vendor with an enterprise resource planning (ERP) system?
An enterprise is planning a transformation initiative by leveraging emerging technology that will have a significant impact on existing products and services Which of the following is the BEST way for IT to prepare for this change?
Which of the following BEST enables an enterprise to determine how business expectations should be addressed in a governance program?
Which of the following decisions would be made by the IT strategy committee?
An organization's board of directors has questioned the value provided by IT key performance indicators (KPIs). Which of the following is the BEST way to determine whether the KPIs adequately support organizational objectives?
Acceptance of an enterprise's newly implemented IT governance initiatives has been resisted by a functional group requesting more autonomy over technology choices. Which of the following is MOST important to accommodate this need for autonomy?
A CIO is concerned with the potential of vendor system failures that could cause a large amount of unintended system downtime. To determine how to prepare for this concern, what is MOST important for the CIO to review?
A regulatory audit assessed an enterprise's main transactional application as noncompliant. In addition to fines and required corrections, an agreement was reached to implement a set of governance controls over IT. Accountability for these controls is BEST assigned to which of the following?
A CEO wants to establish a governance framework to facilitate the alignment of IT and business strategies. Which of the following should be a KEY requirement of this framework?

Question 527 - CGEIT discussion

Report
Export

IT governance within an enterprise is attempting to drive a cultural shift to enhance compliance with IT security policies. The BEST way to support this objective is to ensure that enterprise IT policies are:

A.

communicated on a regular basis.

Answers
A.

communicated on a regular basis.

B.

acknowledged and signed by each employee.

Answers
B.

acknowledged and signed by each employee.

C.

centrally posted and contain detailed instructions.

Answers
C.

centrally posted and contain detailed instructions.

D.

integrated into individual performance objectives.

Answers
D.

integrated into individual performance objectives.

Suggested answer: D

Explanation:

Integrating IT security policies into individual performance objectives is the best way to support the objective of driving a cultural shift to enhance compliance with IT security policies.This is because performance objectives are specific, measurable, achievable, relevant, and time-bound (SMART) goals that define what each employee is expected to accomplish and how they will be evaluated1. By integrating IT security policies into performance objectives, the enterprise can:

Communicate the importance and value of IT security policies to each employee2

Motivate and incentivize employees to comply with IT security policies2

Monitor and measure employees' compliance with IT security policies2

Provide feedback and recognition to employees who comply with IT security policies2

Identify and address any gaps or issues in employees' compliance with IT security policies2

Integrating IT security policies into performance objectives can help to create a culture of accountability, responsibility, and awareness for IT security within the enterprise. It can also help to align the individual goals of employees with the organizational goals of IT governance.

The other options, communicating IT security policies on a regular basis, acknowledging and signing IT security policies by each employee, and centrally posting IT security policies with detailed instructions are not as effective as integrating IT security policies into performance objectives for supporting the objective of driving a cultural shift to enhance compliance with IT security policies. They are more related to the dissemination and implementation of IT security policies, rather than their integration and evaluation. They may not have a significant impact on the behavior and attitude of employees towards IT security policies, as they may not provide sufficient motivation, feedback, or recognition for compliance. They may also be perceived as passive, formal, or coercive methods of enforcing IT security policies, rather than active, informal, or collaborative methods of engaging employees in IT security policies.Reference:=Performance Objectives - SMART Goals - BusinessBalls,How to Integrate Security Into Employee Performance Objectives,IT Security Policy: Key Components & Best Practices for Every Business ...

Show Answer
asked 18/11/2024
Andres Montero
32 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms