An enterprise learns that a new privacy regulation was recently published to protect customers in the event of a breach involving personally identifiable information (PII). The IT risk management team’s FIRST course of action should be to:
A. evaluate the risk appetite for the new regulation.
B. determine if the new regulation introduces new risk.
C. assign a risk owner for the new regulation.
D. define the risk tolerance for the new regulation.
A. evaluate the risk appetite for the new regulation.
B. determine if the new regulation introduces new risk.
C. assign a risk owner for the new regulation.
D. define the risk tolerance for the new regulation.