When updating the information security policy to accommodate a new regulation, the information security manager should FIRST: A. review key risk indicators (KRIs). B. consult process owners. C. update key performance indicators (KPIs). D. perform a gap analysis. Suggested Answer: D This question is in CISM exam For getting Certified Information Security Manager Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams. Trademarks, certification & product names are used for reference only and belong to ISACA.
Please login or Register to submit your answer