To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
A . interview senior management
B . conduct a risk assessment
C . conduct a cost-benefit analysis
D . perform a gap analysis

View Answer

Answer: D