Question
An organization has acquired a company in a foreign country to gain an advantage in a new market. Which of the following is the FIRST step the information security manager should take?
A. Evaluate the information security laws that apply to the acquired company
B. Apply the existing information security program to the acquired company
C. Merge the two existing information security programs
D. Determine which country’s information security regulations will be used
Answer
A. Evaluate the information security laws that apply to the acquired company
Explanation
The correct answer is A. Evaluate the information security laws that apply to the acquired company. This is the first step because the information security manager needs to understand the legal and regulatory requirements that affect the acquired company, and how they differ from the ones that apply to the parent organization.
This will help the information security manager to identify any gaps or conflicts between the two sets of laws, and to plan for appropriate actions to address them. For example, some countries may have stricter data protection or privacy laws than others, which may require different levels of encryption, consent, or disclosure.
Applying or merging the existing information security programs without evaluating the legal context may result in non-compliance, fines, lawsuits, or reputational damage. Therefore, it is important to assess the legal environment before implementing any changes to the information security program of the acquired company.
ISACA Certified Information Security Manager (CISM) certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free, to help pass the ISACA CISM exam and earn the CISM certification.