Question: In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
A.) develop an operational plan for achieving compliance with the legislation.
B.) identify systems and processes that contain privacy components.
C.) restrict the collection of personal information until compliant.
D.) identify privacy legislation in other countries that may contain similar requirements.

Download pdf (with explanations) edition of this exam.