Home » Isaca » CISM » Which an organization may be affected by new privacy legislation, information security management should FIRST:
In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
A. develop an operational plan for achieving compliance with the legislation.
B. identify systems and processes that contain privacy components.
C. restrict the collection of personal information until compliant.
D. identify privacy legislation in other countries that may contain similar requirements.
Correct Answer: B
Explanation/Reference:
Explanation:
Identifying the relevant systems and processes is the best first step. Developing an operational plan for achieving compliance with the legislation is incorrect because it is not the first step. Restricting the collection of personal information comes later. Identifying privacy legislation in other countries would not add much value.
|
Download Printable PDF. VALID exam to help you PASS.
|
 |
