The CISO of a company states that the IT department has serious problems to solve:
– There have been several breaches of company confidential data over the years.
– IT budgets are frequently inaccurate
– The IT organization may not meet regulatory compliance requirements for the several countries in which they operate.
– There is a lack of alignment of IT activities with the organization as a whole.
Which action should be taken by the board of directors and senior executives to most quickly and effectively resolve all of these issues and concerns?
A. Implement IT governance within the organization
B. Place company confidential data into security zones
C. Outsource IT functions to a third-party.
D. Form a services governance committee