Which of the following is the BEST information source for management to use as an aid in the identification of
assets that are subject to laws and regulations?

A.
Security incident summaries

B.
Vendor best practices

C.
CERT coordination center

D.
Significant contracts

Explanation:
Contractual requirements are one of the sources that should be consulted to identify the requirements for the
management of information assets. Vendor best practices provides a basis for evaluating how competitive an
enterprise is, while security incident summaries are a source for assessing the vulnerabilities associated with
the IT infrastructure. CERT {www.cert.org) is an information source for assessing vulnerabilities within the IT
infrastructure.