Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CGEIT All Questions

View all questions & answers for the CGEIT exam
Go to Exam

Exam CGEIT topic 1 question 177 discussion

Actual exam question from Isaca's CGEIT
Question #: 177
Topic #: 1
[All CGEIT Questions]

An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information
(PII). The IT risk management team's FIRST course of action should be to:

  • A. evaluate the risk appetite for the new regulation.
  • B. determine if the new regulation introduces new risk.
  • C. assign a risk owner for the new regulation.
  • D. define the risk tolerance for the new regulation.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by WongY at Sept. 4, 2021, 7:57 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
MDMA786
3 months, 4 weeks ago
you need to first asign a risk owner who will then determine if it is actually a risk or is alreade mitigated.
upvoted 1 times
MDMA786
3 months, 2 weeks ago
The anser is B
upvoted 1 times
...
...
Chiraag
10 months, 4 weeks ago
Selected Answer: B
Answer is B
upvoted 2 times
...
SuperMax
11 months ago
Selected Answer: B
B. determine if the new regulation introduces new risk. Before addressing risk appetite, assigning a risk owner, or defining risk tolerance, the team should first assess whether the new regulation introduces any new risks to the organization. This involves understanding the requirements of the regulation, evaluating how it impacts the organization's handling of personally identifiable information (PII), and identifying potential vulnerabilities or areas where compliance may be challenging. Once the team has a clear understanding of the new risks introduced by the regulation, they can then proceed to other risk management activities such as evaluating risk appetite, assigning a risk owner, and defining risk tolerance.
upvoted 2 times
...
WongY
3 years, 2 months ago
Which come first - Identify risks or identify risk owner?
upvoted 1 times
GLin
3 years, 1 month ago
Maybe B
upvoted 1 times
...
Ramye
3 years ago
Should B to see if the new regulation poses any risk which is beyond current risk appetite. If it is beyond current risk appetite then move on to next step.
upvoted 3 times
John_Connor
3 years ago
Agree on this.
upvoted 1 times
...
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel