CISM Certified Information Security Manager – Question0214

Which of the following should be the FIRST step to ensure an information security program meets the requirements of new regulations?

A. Validate the asset classification schema.
B. Integrate compliance into the risk management process.
C. Assess organizational security controls.
D. Conduct a gap analysis to determine necessary changes.

Correct Answer: B