Which of the following should be the FIRST step when a company is made aware of new regulatory requirements impacting IT?

Which of the following should be the FIRST step when a company is made aware of new regulatory requirements impacting IT?
A . Perform a risk assessment.
B . Prioritize impact to the business units.
C . Perform a gap analysis.
D . Review the risk tolerance and appetite.

Answer: C

Which of the following should be the FIRST step when a company is made aware of new regulatory requirements impacting IT?

Author

Leave a Reply Cancel reply