CISA Certified Information Systems Auditor – Question0656

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:

A.
conduct a risk assessment.
B. perform a gap analysis.
C. conduct a cost-benefit analysis.
D. interview senior management.

Correct Answer: B