An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:


A. bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.

B. establish baseline standards for all locations and add supplemental standards as required.

C. bring all locations into conformity with a generally accepted set of industry best practices.

D. establish a baseline standard incorporating those requirements that all jurisdictions have in common.

Explanation:

It is more efficient to establish a baseline standard and then develop additional standards for
locations that must meet specific requirements. Seeking a lowest common denominator or just
using industry best practices may cause certain locations to fail regulatory compliance. The
opposite approach, forcing all locations to be in compliance with the regulations, places an undue
burden on those locations.


