Assessing the Impact of Wearable Technology on the Enterprise

B.

When an enterprise is assessing whether to utilize wearable technology, the CTO's first step should be to understand the enterprise's risk tolerance (option B).

The reason for this is that introducing wearable technology into the enterprise's IT ecosystem can bring new risks that may not have been present before. For example, wearable technology can introduce privacy concerns if personal information is collected, stored, or transmitted without proper security controls. It can also increase the risk of data breaches if the wearable device is lost or stolen.

Therefore, the CTO should assess the enterprise's risk tolerance to determine the level of risk the enterprise is willing to accept. This can be done by examining the enterprise's risk management policies and procedures, as well as by consulting with relevant stakeholders such as the board of directors, senior management, and legal counsel.

Once the CTO has a clear understanding of the enterprise's risk tolerance, the next step is to map the business goals to IT risk processes (option C). This involves identifying the business goals that the enterprise hopes to achieve by adopting wearable technology and determining the IT risks that may arise in the process. The CTO can then develop appropriate risk management strategies to mitigate these risks.

Prioritizing wearable technology risk (option A) and creating an IT risk scorecard (option D) are important steps in the risk management process, but they should come after the CTO has assessed the enterprise's risk tolerance and mapped the business goals to IT risk processes. Prioritizing risk and creating a risk scorecard can help the CTO to determine which risks are most critical and allocate resources accordingly.