Certified Information Security Manager (CISM) — Question 830

Which of the following should an organization do FIRST when confronted with the transfer of personal data across borders?

Answer options

• A. Define policies and standards for data processing.
• B. Implement applicable privacy principles.
• C. Research cyber insurance policies.
• D. Assess local or regional regulation.

Correct answer: D

Explanation

The correct answer is D because understanding the local or regional regulations is crucial before taking any further steps regarding data transfer. Options A and B are important but are secondary to first ensuring compliance with the relevant legal frameworks. Option C is not directly related to the immediate requirements for handling personal data transfers.