Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISM Exam - Topic 2 Question 107 Discussion

Actual exam question for Isaca's CISM exam
Question #: 107
Topic #: 2
[All CISM Questions]

An organization is planning to open a new office in another country. Sensitive data will be routinely sent between the two offices. What should be the information security manager's FIRST course of action?

Show Suggested Answer Hide Answer
Suggested Answer: D

The first course of action is to identify applicable regulatory requirements (D). CISM governance requires understanding legal and regulatory obligations before defining policies, controls, or technical measures. Encryption (B), training (A), and policy updates (C) must be based on regulatory requirements to ensure compliance and avoid legal exposure. Jurisdictional risk assessment is foundational when operating across borders.


by Teresita at Jan 23, 2026, 07:06 AM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dana
15 days ago
I think a risk assessment should come before anything else.
upvoted 0 times
...
Leonie
20 days ago
Wait, are they even considering encryption?
upvoted 0 times
...
Genevive
26 days ago
Totally agree, compliance is key!
upvoted 0 times
...
Arlette
1 month ago
They should assess the data protection laws in that country first.
upvoted 0 times
...
Apolonia
1 month ago
Encrypt the data, use a VPN, and don't forget to install a firewall. Gotta cover all the bases!
upvoted 0 times
...
Bulah
1 month ago
Carrier pigeons are the most secure way to transmit sensitive data these days.
upvoted 0 times
...
Christene
2 months ago
Hire a team of hackers to test the security of the new office's network.
upvoted 0 times
...
Dalene
2 months ago
Encrypt all data before transmission to ensure confidentiality.
upvoted 0 times
...
Casey
2 months ago
Conduct a risk assessment to identify potential threats and vulnerabilities.
upvoted 0 times
...
Cecily
2 months ago
Implement a secure VPN connection between the offices to protect the sensitive data.
upvoted 0 times
...
Sharika
2 months ago
I vaguely recall a practice question where we had to prioritize data encryption. Could that be the first action here too?
upvoted 0 times
...
Bo
2 months ago
Maybe the manager should focus on establishing a secure communication channel first? I feel like that’s a common practice in similar scenarios.
upvoted 0 times
...
France
3 months ago
I'm not entirely sure, but I remember something about conducting a risk assessment before implementing any data transfer protocols.
upvoted 0 times
...
Toi
3 months ago
I think the first step should be to assess the legal and regulatory requirements for data transfer between countries. That seems crucial.
upvoted 0 times
...
In
4 months ago
This is a tricky one. I'd need to consult with the legal and IT teams to make sure we cover all the compliance and technical bases.
upvoted 0 times
...
Sharika
4 months ago
I'd recommend looking into VPNs, secure file transfer protocols, and other technical solutions to protect the sensitive data in transit.
upvoted 0 times
...
Wynell
4 months ago
Establishing secure communication channels would be my top priority. Encryption, access controls, and monitoring should all be considered.
upvoted 0 times
...
Earleen
4 months ago
Hmm, this seems like it requires a comprehensive security plan. I'd want to evaluate the risks and vulnerabilities first before deciding on the best approach.
upvoted 0 times
...
Meghann
4 months ago
I'd start by assessing the data sensitivity and any regulatory requirements for secure data transfer. That should guide the initial security measures.
upvoted 0 times
...

Save Cancel