Certified Information Security Manager (CISM) — Question 579

An organization has recently acquired a smaller company located in a different geographic region. Which of the following is the BEST approach for addressing conflicts between the parent organization's security standards and local regulations affecting the acquired company?

Answer options

• A. Adopt the standards of the newly acquired company
• B. Give precedence to the parent organization's standards
• C. Create a local version of the parent organization's standards
• D. Create a global version of the local regulations

Correct answer: C

Explanation

Creating a local version of the parent organization's standards (C) allows the company to comply with local regulations while maintaining alignment with the parent company's security requirements. Options A and B are inadequate as they either ignore local compliance or disregard the parent company's standards. Option D is not practical, as it does not address the need for harmonization between local regulations and the parent organization's standards.