Certified Information Security Manager (CISM) — Question 641

A company has a remote office located in a different country. The company's chief information security officer (CISO) has just learned of a new regulatory requirement mandated by the country of the remote office. Which of the following should be the NEXT step?

Answer options

• A. Integrate new requirements into the corporate policies
• B. Evaluate whether the new regulation impacts information security
• C. Create separate security policies and procedures for the new regulation
• D. Implement the requirement at the remote office location

Correct answer: B

Explanation

The correct answer is B because before making any changes to policies or implementing requirements, it is crucial to assess how the new regulation will impact information security. The other options are premature as they involve actions that should only be taken after understanding the regulation's implications.