PrepAway - Latest Free Exam Questions & Answers

What should the information security manager do FIRST?

An organization has to comply with recently published industry regulatory requirements, and compliance potentially has high implementation costs. What should the information security manager do FIRST?


A. Implement a security committee.

B. Perform a gap analysis.

C. Implement compensating controls.

D. Demand immediate compliance.

Explanation:

Since they are regulatory requirements, a gap analysis would be the first step to determine the level of compliance already in place. Implementing a security committee or compensating controls would not be the first step. Demanding immediate compliance would not assess the situation.

