Question: An organization has to comply with recently published industry regulatory requirements, compliance that potentially has high implementation costs. What should the information security manager do FIRST?
A.) Implement a security committee.
B.) Perform a gap analysis.
C.) Implement compensating controls.
D.) Demand immediate compliance.

