CISM Question #805: Real Exam Question with Answer & Explanation

The correct answer is B: Reassess the applicability of the requirements on the business.

Submitted by eva_at · Apr 18, 2026 · Information Security Governance

Question

An organization has been adhering to the requirements of stringent cybersecurity legislation in one of its local markets and a change to the legislation has recently occurred. Which of the following should the organization do FIRST?

Options

  • A. Determine the effectiveness of existing controls.
  • B. Reassess the applicability of the requirements on the business.
  • C. Communicate the changes in requirements to senior management.
  • D. Develop an implementation plan to address compliance gaps.

Explanation

When legislation changes, the first step is to reassess how the updated requirements apply to the organization’s business. This determines scope and impact, and only after applicability is understood can control effectiveness be evaluated, gaps identified, management informed, or implementation plans developed.

Topics

#Compliance Management · #Regulatory Changes · #Impact Assessment · #Legal Requirements
