Certified Information Security Manager (CISM) — Question 583

An information security manager is preparing incident response plans for an organization that processes personal and financial information. Which of the following is the MOST important consideration?

Answer options

• A. Aligning with an established industry framework
• B. Determining budgetary constraints
• C. Identifying regulatory requirements
• D. Aligning with enterprise architecture (EA)

Correct answer: C

Explanation

The most crucial aspect in this scenario is identifying regulatory requirements, as compliance with laws and regulations is essential when dealing with personal and financial information. While aligning with an established industry framework, determining budgetary constraints, and aligning with enterprise architecture are important, they do not take precedence over ensuring regulatory compliance.