Certified Information Security Manager (CISM) — Question 367

Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?

Answer options

• A. Review contracts and statements of work (SOWs) with vendors.
• B. Determine current and desired state of controls.
• C. Execute a risk treatment plan.
• D. Implement data regionalization controls.

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of understanding both the current and desired states of controls to ensure compliance with regulations. While reviewing contracts (A), executing a risk treatment plan (C), and implementing data regionalization controls (D) are important steps, they do not provide a comprehensive view of the control environment necessary for compliance.