Exam CISM topic 1 question 532 discussion

Actual exam question from Isaca's CISM
Question #: 532
Topic #: 1

Which of the following should an information security manager do FIRST when assessing conflicting requirements between the global organization's security standards and local regulations?

  • A. Conduct a gap analysis against local regulations.
  • B. Perform a cost-benefit analysis of compliance.
  • C. Create a local version of the organizational standards.
  • D. Prioritize the organizational standards over local regulations.
Suggested Answer: A 🗳️

Comments

Manzer
Highly Voted 1 year ago
Selected Answer: A
Gap first, then cost benefit.
upvoted 8 times
...
oluchecpoint
Most Recent 4 months ago
Selected Answer: A
This step is crucial because it helps the information security manager understand the specific areas where conflicts or gaps exist. Once the gaps are identified, the manager can then proceed with further actions, such as evaluating the impact, determining the best course of action, and potentially involving relevant stakeholders in decision-making.
upvoted 1 times
...
AaronS1990
4 months, 2 weeks ago
Selected Answer: A
A then B
upvoted 1 times
...
richck102
6 months, 2 weeks ago
A. Conduct a gap analysis against local regulations.
upvoted 1 times
...
karanvp
6 months, 2 weeks ago
Selected Answer: B
Answer is B. Because the question already highlights that conflict, which means the Gap Analysis is done. Hence Cost-Benefit is the correct option.
upvoted 4 times
Josef4CISM
3 days ago
Not entirely correct. A conflict of global vs local regulations has been noted, but it's not clear what the extent of non-compliance is. By performing a gap analysis an information security manager will be able to identify specific measures needed to close the gap.
upvoted 1 times
...
...
Dravidian
8 months, 3 weeks ago
Selected Answer: A
Need to know what's required first before we can try to price it out.
upvoted 1 times
...
Souvik124
10 months, 4 weeks ago
When assessing conflicting requirements between the global organization's security standards and local regulations, the information security manager should FIRST conduct a gap analysis against local regulations. This will help the manager to identify areas where the global organization's security standards may conflict with local regulations and help to develop a plan to address those conflicts. The manager can then work with legal and compliance teams to determine the best course of action for achieving compliance with both the organizational standards and local regulations.
upvoted 2 times
...
Broesweelies
11 months, 1 week ago
Selected Answer: B
B is correct
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other