CISA Certified Information Systems Auditor – Question0694

Which of the following is the BEST source of information for an IS auditor to use as a baseline to assess the adequacy of an organization's privacy policy?

A.
Benchmark studies of similar organizations
B. Local privacy standards and regulations
C. Historical privacy breaches and related root causes
D. Globally accepted privacy best practices

Correct Answer: B