Certified Information Security Manager (CISM) — Question 585

Which of the following would be MOST useful in determining how an organization will be affected by a new regulatory requirement for cloud services?

Answer options

• A. Data loss protection plan
• B. Risk assessment
• C. Information asset inventory
• D. Data classification policy

Correct answer: B

Explanation

A Risk assessment is crucial for identifying the potential impacts and compliance requirements related to new regulations. While a Data loss protection plan, Information asset inventory, and Data classification policy are important for data management, they do not specifically evaluate the implications of regulatory changes.