A new regulation has been enacted that mandates specific information security practices for the protection of customer data. Which of the following is MOST useful for an IS auditor to review when auditing against the regulation?
A.
Compliance gap analysis
B.
Customer data protection roles and responsibilities
C.
Customer data flow diagram
D.
Benchmarking studies of adaptation to the new regulation
When auditing against a new regulation mandating specific information security practices for the protection of customer data, a compliance gap analysis (option A) is the most useful for an IS auditor to review. A compliance gap analysis involves comparing the organization's current practices and controls against the requirements outlined in the regulation. This allows the auditor to identify any gaps or deficiencies in the organization's compliance with the regulation and assess the extent to which the organization meets the regulatory requirements. By conducting a compliance gap analysis, the auditor can provide valuable insights into areas where the organization needs to improve its information security practices to ensure compliance with the new regulation.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Swallows
1 month, 1 week ago