A financial institution is dealing with a data breach that was caused by a sophisticated cyberattack on its customer$-$facing web portal. The institution uses COBIT $2019$ for IT governance and risk management. The board is concerned about the institution$$s ability to respond to the breach in a timely and effective manner. Which COBIT process should the institution prioritize to ensure that the breach is handled according to governance and risk management best practices?

Question $22$Answer

a$.$

APO$12($Manage Risk$),$ to improve the risk management process and ensure future incidents are prevented.

b$.$

DSS$05($Manage Security Services$),$ to immediately address the breach by applying corrective actions to minimize further damage.

c$.$

EDM$03($Ensure Risk Optimization$),$ to evaluate the risk response and ensure that appropriate measures are taken to mitigate the breach$$s impact on the institution.

d$.$

MEA$02($Monitor$,$ Evaluate, and Assess Performance and Conformance$),$ to assess how the breach affects the overall business operations and performance.