A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager’s FIRST course of action?
A. Review the current security policy.
B. Inform senior management of the new regulation.
C. Update the security incident management process.
D. Determine impact to the business.
A. Review the current security policy.
B. Inform senior management of the new regulation.
C. Update the security incident management process.
D. Determine impact to the business.