CISM Certified Information Security Manager – Question0825

An information security manager is reviewing the impact of a regulation on the organization’s human resources system. The NEXT course of action should be to:

A.
perform a gap analysis of compliance requirements.
B. assess the penalties for non-compliance.
C. review the organization’s most recent audit report.
D. determine the cost of compliance.

Correct Answer: A