Certified Information Security Manager (CISM) — Question 498
Which of the following security initiatives should be the FIRST step in helping an organization maintain compliance with privacy regulations?
Answer options
- A. Implementing a data classification framework
- B. Implementing security information and event management (SIEM)
- C. Installing a data loss prevention (DLP) solution
- D. Developing security awareness training
Correct answer: A
Explanation
A is correct because establishing a data classification framework is essential for understanding how data is handled and protected, and that understanding is fundamental to compliance. The other options, while important, address specific aspects of security or training that are secondary to the foundational understanding of data classification that compliance requires.