What should be an information security manager’s FIRST course of action when an organization is subject to a new regulatory requirement?

What should be an information security manager’s FIRST course of action when an organization is subject to a new regulatory requirement?
A . Perform a gap analysis
B . Complete a control assessment
C . Submit a business case to support compliance
D . Update the risk register

View Answer

Answer: C