CISM Certified Information Security Manager – Question0213

Which of the following should an information security manager do FIRST after learning about a new regulation that affects the organization?

A.
Evaluate the changes with legal counsel.
B. Notify the affected business units.
C. Assess the noncompliance risk.
D. Inform senior management of the new regulation.

Correct Answer: A