Certified Information Security Manager (CISM) — Question 1081

A financial institution is expanding to international jurisdictions and is mindful of protecting customer information. Which of the following should be of GREATEST concern?

Answer options

• A. Ability to monitor and enforce security controls in multiple jurisdictions
• B. Global payment card industry regulations
• C. Privacy laws and regulations for each country in which the organization operates
• D. Information security resources available in each country in which the organization operates

Correct answer: C

Explanation

The greatest concern should be the privacy laws and regulations for each country, as compliance with these laws is essential to avoid legal penalties and protect customer data. While monitoring security controls (A), adhering to payment card regulations (B), and having information security resources (D) are important, they are secondary to ensuring compliance with local privacy laws, which directly affect how customer information is handled.