Certified Information Security Manager (CISM) — Question 795

An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Answer options

• A. Review data architecture.
• B. Include security requirements in the contract.
• C. Perform a risk assessment.
• D. Assess security controls.

Correct answer: C

Explanation

Conducting a risk assessment (C) is the best approach because it identifies potential vulnerabilities and threats to the new data assets, enabling appropriate protective measures. Reviewing data architecture (A) and assessing security controls (D) are important, but they do not specifically address the risks associated with the new data. Including security requirements in the contract (B) is also essential, but it does not actively evaluate the risks that need to be mitigated.