Isaca
CISM · Question #529
CISM Question #529: Real Exam Question with Answer & Explanation
The correct answer is D: Conducting a gap analysis. Conducting a gap analysis is critical to understand where current controls fall short of the new requirements, allowing the organization to prioritize remediation and allocate resources
Submitted by hassan_iq · Apr 18, 2026 · Information Security Governance
Question
What is the MOST important consideration for an organization operating in a highly regulated market when new regulatory requirements with high impact to the business need to be implemented?
Options
- A. Engaging an external audit
- B. Establishing compensating controls
- C. Enforcing strong monitoring controls
- D. Conducting a gap analysis
Explanation
Conducting a gap analysis is critical to understand where current controls fall short of the new requirements, allowing the organization to prioritize remediation and allocate resources
Topics
#Regulatory Compliance #Gap Analysis #Compliance Management #Implementation Planning