Which of the following would BEST prepare an information security manager for regulatory
reviews?

A.
Assign an information security administrator as regulatory liaison

B.
Perform self-assessments using regulatory guidelines and reports

C.
Assess previous regulatory reports with process owners input

D.
Ensure all regulatory inquiries are sanctioned by the legal department

Explanation:

Self-assessments provide the best feedback on readiness and permit identification of items

requiring remediation. Directing regulators to a specific person or department, or assessing
previous reports, is not as effective. The legal department should review all formal inquiries but
this does not help prepare for a regulatory review.