Your organization operates in multiple states within the U.S. and is planning to update its Information Security Policies. As the Security Manager, what should be your FIRST step to ensure that the updated policies comply with varying state-specific cybersecurity regulations?
Consult with an external cybersecurity firm for a standard policy template.
Conduct a gap analysis between current information security practices and updated security policy drafts.
Immediately revise the Acceptable Use Policy (AUP) to reflect generic best practices.
Review current local and regional cybersecurity laws applicable to the states where the organization operates.