CISM Certified Information Security Manager – Question0511

An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?

A.
Results from a gap analysis
B. Results from a business impact analysis
C. Deadlines and penalties for noncompliance
D. An inventory of security controls currently in place

Correct Answer: D