To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
A . conduct a risk assessment.
B . perform a gap analysis.
C . conduct a cost-benefit analysis.
D . interview senior management.

View Answer

Answer: B