A new version of an information security regulation is published that requires an organization’s compliance. The information security manager should FIRST:
A. perform an audit based on the new version of the regulation.
B. conduct a risk assessment to determine the risk of noncompliance.
C. conduct benchmarking against similar organizations.
D. perform a gap analysis against the new regulation.
A. perform an audit based on the new version of the regulation.
B. conduct a risk assessment to determine the risk of noncompliance.
C. conduct benchmarking against similar organizations.
D. perform a gap analysis against the new regulation.