
Exam CISM topic 1 question 299 discussion

Actual exam question from Isaca's CISM
Question #: 299
Topic #: 1

A new regulatory requirement affecting an organization's information security program is released. Which of the following should be the information security manager's FIRST course of action?

  • A. Conduct benchmarking
  • B. Perform a gap analysis
  • C. Notify the legal department
  • D. Determine the disruption to the business
Suggested Answer: B

Community vote distribution: B (90%), other answers (10%)

Comments

e891cd1
3 months, 3 weeks ago
B. But it depends on what ISACA wants you to do. I think a CISO would better understand the risk to the business. Why would I consult legal before I understand the impact?
upvoted 1 times
Manix
7 months, 3 weeks ago
Selected Answer: C
2.4.7 Regulations must first be evaluated by legal/general counsel...
upvoted 1 times
Salilgen
6 months, 3 weeks ago
Legal counsel must evaluate to determine the exposure the enterprise is subject to. The ISM should perform a gap analysis to enable this evaluation.
upvoted 1 times
oluchecpoint
1 year ago
B. Perform a gap analysis
Performing a gap analysis involves assessing the organization's current information security controls, policies, and practices against the new regulatory requirements. This allows the manager to identify areas where the organization may fall short of compliance and where improvements or adjustments are needed. It provides a clear understanding of what needs to be done to align with the new regulation, which is crucial before taking any further actions, such as notifying the legal department or determining the disruption to the business. Once the gap analysis is complete, the information security manager can then develop a plan to address any deficiencies and ensure compliance with the new regulatory requirements.
upvoted 1 times
ahmed1988_
1 year, 1 month ago
go with B
upvoted 1 times
richck102
1 year, 3 months ago
B. Perform a gap analysis
upvoted 1 times
dedfef
1 year, 5 months ago
Selected Answer: B
Gap analysis allows you to identify the controls you have in place. Therefore, you will be able to determine if current controls mitigate the risk of the new regulations
upvoted 2 times
jaiz
1 year, 6 months ago
Selected Answer: B
FIRST course of action when a new regulatory requirement affecting the organization's information security program is released should be to perform a gap analysis. This involves reviewing the organization's existing information security program to identify areas where it may not meet the new regulatory requirements. Once the gap analysis is complete, the information security manager can develop a plan to address any deficiencies and ensure that the organization is in compliance with the new regulatory requirement.
upvoted 1 times
baranikumar_v
1 year, 8 months ago
B. Gap analysis has to be performed first.
upvoted 2 times
Funshykay
1 year, 8 months ago
Selected Answer: B
A gap analysis is needed to determine if there were adequate control already in place.
upvoted 3 times
aokisan
1 year, 9 months ago
Selected Answer: B
at first, check the gap.
upvoted 3 times