An organization will be impacted by a new data privacy regulation due to the location of its production facilities. What action should the risk practitioner take when evaluating the new regulation?
A.
Perform an analysis of the new regulation to ensure current risk is identified.
B.
Evaluate if the existing risk responses to the previous regulation are still adequate.
C.
Assess the validity and perform update testing on data privacy controls.
D.
Develop internal control assessments over data privacy for the new regulation.
I am leaning towards B- you evaluate if the new regulation has changed anything and if current risk responses are adequate.
Also How do you find current risk by analysing the regulation. you review the regulation and then perform a gap assessment.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mynk29
3 months, 2 weeks agoCbtL
4 months, 3 weeks agojohn_boogieman
6 months, 3 weeks ago