The Chief Information Officer (CIO) is focused on improving IT governance within the organization
to reduce system downtime. The CIO has mandated that the following improvements be
implemented:
-All business units must now identify IT risks and include them in their business risk profiles.
-Key controls must be identified and monitored.
-Incidents and events must be recorded and reported with management oversight.
-Exemptions to the information security policy must be formally recorded, approved, and
managed.
-IT strategy will be reviewed to ensure it is aligned with the businesses strategy and objectives.
In addition to the above, which of the following would BEST help the CIO meet the requirements?
A.
Establish a register of core systems and identify technical service owners
B.
Establish a formal change management process
C.
Develop a security requirement traceability matrix
D.
Document legacy systems to be decommissioned and the disposal process