Mysystem.org IT ExamsCISM Question 15 2017-04-07
Question: An organization has to comply with recently published industry regulatory requirements- compliance that potentially has high implementation costs. What should the information security manager do FIRST?
A.) Implement a security committee.
Answer ==> B.) Perform a gap analysis.
C.) Implement compensating controls.
D.) Demand immediate compliance.