An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager’s FIRST course of action?
A. Develop customized security training for employees at the new office
B. Encrypt the data for transfer to the head office based on security manager approval
C. Update privacy policies to include the other country’s laws and regulations
D. Identify applicable regulatory requirements to establish security policies
The first course of action is to identify applicable regulatory requirements (D). CISM governance requires understanding legal and regulatory obligations before defining policies, controls, or technical measures. Encryption (B), training (A), and policy updates (C) must be based on regulatory requirements to ensure compliance and avoid legal exposure. Jurisdictional risk assessment is foundational when operating across borders.