CGEIT Domain 2: Strategic Management [DECOMMISSIONED ARTICLE]
NOTE: This article reflects an older version of the CGEIT Exam -- please see the current CGEIT Certification page for the most up-to-date information.
Strategic Management falls under the second domain of ISACA’s Certified in the Governance of Enterprise IT (CGEIT) exam and constitutes 20% of the overall objectives for the exam. Strategic management ensures that IT allows and supports the accomplishment of enterprise’s objectives through the alignment and integration of IT-strategic plans with the enterprise’s overall strategic plans. The following sections delve into strategic management that candidates must understand to take the CGEIT exam.
What Topics are Covered in this Domain?
This domain covers six (6) task statements and eleven (11) knowledge statements. CGEIT candidates must understand these topics thoroughly to best prepare for the CGEIT exam. Each topic of this domain is listed below:
Get certified with an Exam Pass Guarantee
Looking to get certified? Many of our boot camps are backed by an Exam Pass Guarantee, ensuring you leave with the certification you want.
Task Statements
- Evaluate, direct, and monitor IT strategic planning processes to ensure alignment with enterprise goals
- Ensure that appropriate policies and procedures are in place to support IT and enterprise strategic alignment
- Ensure that the IT strategic planning processes and related outputs are adequately documented and communicated
- Ensure that enterprise architecture (EA) is integrated into the IT strategic planning process
- Ensure prioritization of IT initiatives to achieve enterprise objectives
- Ensure that IT objectives cascade into clear roles, responsibilities, and actions for IT personnel
Knowledge Statements
- Knowledge of an enterprise’s strategic plan and how it relates to IT
- Knowledge of strategic planning processes and techniques
- Knowledge of the impact of changes in business strategy on IT strategy
- Knowledge of barriers to the achievement of strategic alignment
- Knowledge of policies and procedures necessary to support IT and business strategic alignment
- Knowledge of methods to document and communicate IT strategic planning processes (for example, IT dashboard/balanced scorecard, key indicators)
- Knowledge of the components, principles, and frameworks of enterprise architecture (EA)
- Knowledge of current and future technologies
- Knowledge of prioritization processes related to IT initiatives
- Knowledge of scope, objectives, and benefits of IT investment programs
- Knowledge of IT roles, responsibilities, and methods to cascade business and IT objectives to IT personnel
What Do I Need to Know About Strategic Management?
As mentioned, Strategic Management is aimed at ensuring that IT allows and supports the accomplishment of business objectives by integrating an IT strategic plan with the business strategic plans and aligning the IT services with the enterprise operations to optimize the business process. The CGEIT candidate must be mindful of how and why IT strategy and business strategy are linked, what concepts are required to achieve alignment between them, and how alignment can be implemented in practice to allow IT to manage business growth and operations.
IT Strategic Planning Process: This is the process undertaken by the enterprise to develop a plan for the achievement of its overall goals. The enterprise needs to develop and implement a strategic planning process to support its vision and direction as well as to enhance the alignment with the business units it enables. The IT strategic planning process is indispensable for enterprises because it directly integrates to, or indirectly influences, every other role, measurement, and process. The CGEIT professional must be able to evaluate, direct, and monitor IT strategic planning processes to ensure the alignment with enterprise goals. Be aware, however, that the IT strategic planning process may vary among different organizations.
The following IT strategic planning process is used by the Intel Corporation. It describes their processes along with the agreed upon timeframe:
- Vision and mission developed communicated—December-January
- Three- to five-year business and technology outlook—April
- Current state analysis—July
- Annual budget and investment plan—August-September
- Governance, process, and decision-making—Ongoing
- Regular balanced scorecard reviews—Monthly
Enterprise Strategic Alignment: ISACA describes the state of the enterprise strategic alignment as that in which an enterprise’s investment in IT is in harmony with its strategic objectives (e.g., intents, current strategy, and enterprise goals). This establishes the capabilities crucial to achieving business value. The premise of accomplishing strategic alignment is the strategic planning process— describing business strategies from which IT strategies are to be attained. IT strategy needs to be reviewed periodically to ensure necessary sync up with business targets. A good understanding of enterprise objectives is indispensable while planning these strategies.
Enterprises that successfully align their business strategy with IT strategy could enhance their business performance. Business-IT alignment was listed as the top concern of IT managers in the “2013 Trends Survey” by the Society for Information Management (Kappelman et al., 2013). Tarafdar and Qrunfleh argue that alignment at the tactical and operational level is vital to ensure that applications are successfully deployed, maintained, and used according to business needs.
Appropriate Policies and Procedures: The CGEIT candidate must understand how appropriate policies and procedures can help in supporting IT and enterprise strategic alignment.
Documentation and Communication of IT Strategic Planning Processes: Documentation and Communication are the two most critical aspects of enterprises for surviving and competing in the business industry. An IT strategy and execution plan needs to be documented so that future deviations can be monitored, tracked and optimized when required.
Timely and appropriate communication is also a key factor for successful task execution. Because of this, an approved communication matrix, frequency, and escalation mechanism need to be established across the organization.
Prioritization of IT Initiatives: IT initiatives is a technology planning stage that includes the design, specification, bidding, and coordination of advanced IT technologies to achieve enterprise objectives. As a CGEIT, you must be able to ensure prioritization of IT initiatives to achieve business objectives.
What Do I Need to Know About Enterprise Architecture?
An Enterprise Architecture (EA) is the conceptual framework that describes the structure and operations of an enterprise. EA helps in ensuring that enterprise goals, policies, and objectives are accurately and properly reflected in decision-making pertaining to building, implementing, or changing information systems. This ensures that standards for inter-process communication, information systems, data structures, data representation, and data mining will be appropriately and consistently applied across the organization.
EA Framework: An EA framework defines how to create and employ enterprise architecture. It provides practices and principles for building and employing an architectural description of the system. The architecture description is divided into domains, views, and layers. In addition, EA offers models—generally diagrams and matrices for documenting each domain. EA models help in making long-term decisions regarding new design requirements, support, and sustainability as well as making systematic design decisions on all components of the system. The following diagram shows the NIST Enterprise Architecture Model. It consists of five layers of enterprise architecture, including Business Architecture, Information Architecture, Information Systems Architecture, Data Architecture, and Delivery Systems Architecture (Hardware, Software, and Communications).
Source: Fong & Elizabeth & Alan Goldfine; Information Management Decisions: The Integration Challenge, US Department of Commerce, National Institute of Standards and Technology (NIST), NIST Special Publications 500-167, US, 1989.
The NIST EA model can help CGEIT professionals in establishing e-portals (communication infrastructure), databases (information repositories/stores), and E-commerce systems (application systems). Since an enterprise involves various complex components, the CGEIT candidates must understand their implementation steps and the interrelationship between them.
The Chief Information Officers (CIOs) in enterprises can use EA models to make decisions, manage change, improve communications, and ensure that IT resources are consistent and managed with a business planning. Once an appropriate EA framework is established, the critical areas need to be focused on a priority basis. These critical areas include:
- EA compliance, waivers, and certification
- IT personnel planning
- Legacy systems integration
- Change management
Where Should I Focus My Time Studying this Domain?
Though taking any exam is stressful, the candidates can make it easier by improving the way they study. Whether the student is a morning person or a night-owl, he/she should study with a consistent time schedule for each day rather than relying on last-minute cramming.
Studying for the CGEIT second domain (Strategic Management) efficiently and effectively will keep candidates from feeling unprepared and set them on the path to success. Doing so requires the candidates to review the CGEIT syllabus for this domain, pay attention in classes, prepare good notes, and make studying a part of their habits.
In addition, candidates should also focus on these tips:
- Use diagrams and flowcharts
- Practice with old CGEIT exams
- Explain answers to others to reinforce one’s understanding of the theory, not just the correct answers
- Take regular breaks
- Try to get rid of all types of distractions and sit in a quiet location
More importantly, the candidates should pay heed to the CGEIT-approved course material which is available at ISACA’s Official Bookstore. In addition, candidates are encouraged to refer to this “CGEIT Resources” article in order to find the best books, test materials, and study guides to prepare for the strategic management part of the CGEIT exam.
InfoSec CGEIT Boot Camp—Your Best Bet
InfoSec Institute's CGEIT Boot Camp Training is specifically designed to prepare students for ISACA's certification on IT governance principles and practices. You can enroll in this course on your way to acquiring a professional CGEIT certification.
InfoSec has been one of the most awarded (42 industry awards) and trusted information security training vendors for over 17 years.
Get certified with our Exam Pass Guarantee
Many of our boot camps come with an Exam Pass Guarantee: if you fail on your first attempt, we'll invite you to re-sit the course for free and cover the cost of your second exam.
InfoSec also offers thousands of articles on a variety of security topics.
Enroll in an Infosec boot camp and earn your next IT or security certification — guaranteed.
- Live training from anywhere
- Practical, hands-on training
- Exam Pass Guarantee!
In this Series
- CGEIT Domain 2: Strategic Management [DECOMMISSIONED ARTICLE]
- Top Linux+ interview questions for 2024
- The 2024 guide to CCNP salary: What to expect as a certified professional
- CCPT vs. GCPN: A cloud certification comparison
- Average SCADA Security (CSSA) salary
- Top 5 things you must know to pass the AWS Security Specialist exam
- SSCP Certification: Overview and Career Path
- Average CompTIA Linux+ salary [2022 update]
- Linux+ certification: Related training and courses [2022 update]
- Why information security professionals should learn about law
- Want to lead a global privacy program? 6 things to know about CIPM
- CIPP/US: 5 things to know about privacy and cybersecurity law
- CompTIA Cloud+ Certification: An Overview [updated 2021]
- CertNexus CyberSec First Responder: Certification, exam and training details
- CertNexus Certified IoT Security Practitioner: Certification, exam and training details
- CertNexus certification and career path overview
- CertNexus Cyber Secure Coder: Certification, exam and training details
- The OSCP certification and exam [updated 2021]
- Average SSCP Salary [Updated 2021]
- Average HCISSP salary [Updated 2021]
- Average Certified Penetration Tester (CPT) salary [Updated 2021]
- Average CCIE salary [updated 2021]
- Average RHCE salary [updated 2021]
- CCNA security retired: Time to earn your Cisco CyberOps certification?
- CompTIA Linux+ XK0-005 – what changed with this cert and test? [2022 update]
- Free online cyber security training: Courses, hands-on training, practice exams
- The CPT certification and exam
- The CEPT certification and exam
- Do you need CIPT certification?
- VCP 6.5 Certification & Exam
- Everything you need to know about CIPT certification
- Average IT security auditor salary
- Average RHCSA Salary
- CompTIA IT Fundamentals+ Certification: An Overview
- Average help desk support salary in 2018
- 7 most difficult information security certifications
- The GSEC certification and exam
- The International Association of Privacy Professionals CIPT Certification
- Becoming a Cybersecurity Practitioner (CSXP)
- International Association of Privacy Professionals (IAPP): Certification overview
- InfoSec Institute Launches Security Awareness Practitioner Certification
- GCIH certification overview
- The International Association of Privacy Professionals CIPP/E Certification
- The International Association of Privacy Professionals CIPM Certification
- GIAC penetration tester (GPEN) certification
- What is the GCFE?
- GIAC Certifications Overview
- CGEIT Domain 5: Resource Optimization [DECOMMISSIONED ARTICLE]
- The IAPP CIPP/US certification: The leading U.S. privacy credential
- CGEIT Domain 4: Risk Optimization
- Certified Wireless Security Specialist (CWSS) Salary
