A new regulation in one country of a global organization has recently prohibited cross-border transfer of personal data. An IS auditor has been asked to determine the organization's level of exposure in the affected country. Which of the following would be MOST helpful in making this assessment?
A. Identifying data security threats in the affected jurisdiction
B. Reviewing data classification procedures associated with the affected jurisdiction
C. Identifying business processes associated with personal data exchange with the affected jurisdiction
D. Developing an inventory of all business entities that exchange personal data with the affected jurisdiction
A. Identifying data security threats in the affected jurisdiction
B. Reviewing data classification procedures associated with the affected jurisdiction
C. Identifying business processes associated with personal data exchange with the affected jurisdiction
D. Developing an inventory of all business entities that exchange personal data with the affected jurisdiction