When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
A . Create separate policies to address each regulation
B . Develop policies that meet all mandated requirements
C . Incorporate policy statements provided by regulators
D . Develop a compliance risk assessment
Answer: B
Explanation:
It will be much more efficient to craft all relevant requirements into policies than to create separate versions. Using statements provided by regulators will not capture all of the requirements mandated by different regulators. A compliance risk assessment is an important tool to verify that procedures ensure compliance once the policies have been established.
Latest CISM Dumps Valid Version with 1327 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund