Protecting Confidential Customer Information: Next Steps for the Board of Directors

Taking Action: Safeguarding Confidential Customer Information


Question

An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information.

What actions should the board take next?

Answers

A. Direct information security on what they need to do
B. Research solutions to determine the proper solutions
C. Require management to report on compliance
D. Nothing; information security does not report to the board

Correct answer: C

Information security governance is the responsibility of the board of directors and executive management.

In this instance, the appropriate action is to ensure that a plan is in place for implementing the needed safeguards and to require regular updates on that implementation. The board governs through direction and oversight; it does not perform the operational work of selecting and deploying controls.

Taking each option in turn:

A. Direct information security on what they need to do: This option is incorrect. Translating the legislation into specific technical actions is management's job. Executive management and the information security function should identify the requirements of the new legislation, assess the risks to confidential customer information, and define the safeguards needed. The board sets the expectation that this happens and holds management accountable for it; it does not issue operational instructions to the security team directly.

B. Research solutions to determine the proper solutions: This option is incorrect. Evaluating available solutions, consulting external experts or vendors, and selecting technologies are operational tasks that belong to management and the security function, not to the board. The board's role is to ensure that an appropriate plan exists and is adequately resourced, not to choose the products or practices used to execute it.

C. Require management to report on compliance: This is the correct answer. The board should require management to report, on a regular basis, on the plan for meeting the legislation and on progress toward compliance. This allows the board to monitor implementation, identify areas of weakness or non-compliance, and direct any necessary adjustments to the organization's security program while leaving execution to management.

D. Nothing; information security does not report to the board: This option is incorrect. The board has ultimate responsibility for the organization's overall security posture, including the protection of confidential customer information, and cannot delegate that accountability. Information security status should be reported to the board regularly so that it can confirm the security program is effective and complies with all relevant laws and regulations.