CISA Certified Information Systems Auditor – Question0544

A multinational organization is introducing a security governance framework. The information security manager’s concern is that regional security practices differ. Which of the following should be evaluated FIRST?

A.
Local regulatory requirements
B. Local IT requirements
C. Cross-border data mobility
D. Corporate security objectives

Correct Answer: A