An organization has to comply with recently published industry regulatory requirements, and compliance potentially has high implementation costs. What should the information security manager do FIRST?
A. Implement a security committee.
B. Perform a gap analysis.
C. Implement compensating controls.
D. Demand immediate compliance.
Correct Answer: B
Explanation/Reference:
Since they are regulatory requirements, a gap analysis would be the first step to determine the level of compliance already in place. Implementing a security committee or compensating controls would not be the first step. Demanding immediate compliance would not assess the situation.