ExamTopics Logo
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CGEIT All Questions

View all questions & answers for the CGEIT exam
Go to Exam

Exam CGEIT topic 1 question 13 discussion

Actual exam question from Isaca's CGEIT
Question #: 13
Topic #: 1
[All CGEIT Questions]

Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT?

  • A. Benchmark how other IT organizations are treating the new requirements.
  • B. Adopt a zero-tolerance approach for noncompliance with regulatory matters.
  • C. Treat as a risk to be assessed before developing a response.
  • D. Use a cost-benefit analysis to determine if compliance is warranted.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by dtdtdt1977 at Dec. 3, 2021, 8:35 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Manohar05
1 week ago
Selected Answer: B
How can one think of cost benefit analysis if it is a regulatory requirement. There should be zero tolerance towards it. Otherwise the regulator will penalize the organization for non compliance. Regulators usually bring guidelines after analyzing risk.
upvoted 1 times
...
Chiraag
1 year ago
Selected Answer: C
Answer should be C
upvoted 1 times
...
Frank1480
1 year, 10 months ago
It should be C - Legal and regulatory requirements applicable to IT can vary depending on the industry, region, and type of IT systems involved. Treating them as a risk to be assessed before developing a response is a best practice, as it helps the enterprise to identify potential impacts, assess the likelihood of occurrence, and develop a plan to mitigate the risks.
upvoted 1 times
...
dtdtdt1977
3 years, 1 month ago
It should be c, treat every legal or regulatory requirements as a risk to be assessed...this is according to the CISM guidelines.
upvoted 1 times
John_Connor
3 years, 1 month ago
I havent done CISM but within GEIT, cost-benefit needs to be done always. Its part of the performance measurement approach, please refer figure 1.19 (in the 7th edition).
upvoted 1 times
GRamos
1 year, 11 months ago
Before you can can do a COST BENEFIT you need to know first what the risk is. Then determine the CB and choose the response.
upvoted 2 times
...
...
Ramye
3 years ago
If cost is higher than benefits then why spending more to be complaint?
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel