What should be an information security manager’s FIRST course of action when an organization is subject to a new regulatory requirement?

Posted by: Pdfprep Category: CISM Tags: Isaca Certificaton, CISM exam questions, CISM practice exam Post Date: December 2, 2020

What should be an information security manager’s FIRST course of action when an organization is subject to a new regulatory requirement?
A . Perform a gap analysis
B . Complete a control assessment
C . Submit a business case to support compliance
D . Update the risk register

Answer: C

What should be an information security manager’s FIRST course of action when an organization is subject to a new regulatory requirement?

Author