An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:
Correct answer: B.
It is more efficient to establish a baseline standard and then develop additional standards for locations that must meet specific requirements.
Seeking a lowest common denominator or just using industry best practices may cause certain locations to fail regulatory compliance.
The opposite approach, forcing all locations to be in compliance with every jurisdiction's regulations, places an undue burden on those locations.
When an organization operates globally, it may be subject to different regulations and legal requirements from various governmental jurisdictions. These regulations can vary greatly in their approach to information security and data privacy, and therefore it can be a challenging task for an information security manager to develop and implement a cohesive strategy that aligns with all the requirements.
Option A suggests that an organization should bring all locations into conformity with the aggregate requirements of all governmental jurisdictions. This approach may be overly burdensome and impractical as it would require compliance with all the different regulations, which can be difficult to reconcile, and may also result in duplication of efforts and costs.
Option B suggests establishing baseline standards for all locations and adding supplemental standards as required. This approach is a more practical and efficient way to manage compliance with multiple regulatory frameworks. By developing a set of baseline standards, an organization can ensure that all locations meet minimum compliance requirements while accommodating jurisdiction-specific requirements with additional measures.
Option C suggests bringing all locations into conformity with a generally accepted set of industry best practices. While industry best practices can be a useful guide for developing an information security program, they do not necessarily take into account jurisdiction-specific requirements. This approach may be insufficient in ensuring compliance with regulations across all locations.
Option D suggests establishing a baseline standard incorporating those requirements that all jurisdictions have in common. This approach focuses on meeting the common requirements of all regulatory frameworks, which can be a practical way to manage compliance across locations. However, it is essential to keep in mind that this approach may not be sufficient to ensure compliance with all regulatory requirements.
In conclusion, option B is the most practical and effective approach for an information security manager to manage compliance with multiple regulatory frameworks. It allows an organization to establish a baseline standard for all locations while accommodating jurisdiction-specific requirements with additional measures.