You are the IT manager in Bluewell Inc. You identify a new regulation for safeguarding the information processed by a specific type of transaction. What would be the FIRST action you will take?

A. Assess whether existing controls meet the regulation

B. Update the existing security privacy policy

C. Meet with stakeholders to decide how to comply

D. Analyze the key risk in the compliance process








 

Suggested Answer: A

When a new regulation for safeguarding information processed by a specific type of transaction is being identified by the IT manager, then the immediate step would be to understand the impact and requirements of this new regulation. This includes assessing how the enterprise will comply with the regulation and to what extent the existing control structure supports the compliance process. After that manager should then assess any existing gaps.
Incorrect Answers:
B, C, D: These choices are appropriate as well as important, but are subsequent steps after understanding and gap assessment.

This question is in CRISC exam 
For getting Risk and Information Systems Control Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by ISACA.
The website does not contain actual questions and answers from ISACA's Certification Exams.
Trademarks, certification & product names are used for reference only and belong to ISACA.