Certified in Risk and Information Systems Control (CRISC) — Question 404

Which of the following is MOST important for an organization to update following a change in legislation requiring notification to individuals impacted by data breaches?

Answer options

• A. Security awareness training
• B. Policies and standards
• C. Risk appetite and tolerance
• D. Insurance coverage

Correct answer: B

Explanation

The correct answer is B, as policies and standards must be updated to ensure compliance with new legal requirements regarding data breach notifications. While security awareness training, risk appetite, and insurance coverage are important, they do not directly address the need for updated policies that govern organizational responses to data breaches.