An organization is required to comply with updates to an existing data protection regulation. Which of the following should the risk practitioner recommend be done FIRST?
A.
Perform effectiveness testing for the organization's data protection controls.
B.
Determine whether risk responses associated with the previous regulation are still adequate.
C.
Perform a gap analysis to determine if additional controls are required.
D.
Develop new internal control assessments for the updated regulation
The FIRST thing the risk practitioner should recommend is to determine whether risk responses associated with the previous regulation are still adequate.
Before performing a gap analysis to determine if additional controls are required, it is important to first evaluate the existing risk responses to ensure that they are still effective and adequate for the updated regulation. This evaluation will help to identify any gaps or areas where additional controls may be needed.
This section is not available anymore. Please use the main Exam Page.CRISC Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
CbtL
8 months, 1 week agoCbtL
8 months, 1 week agoldl
9 months agoaki
10 months agojohn_boogieman
10 months, 2 weeks agoSuchib
1 year ago