Your organization operates in multiple states within the U.S. and is planning to update its Information Security Policies. As the Security Manager, what should be your FIRST step to ensure that the updated policies comply with varying state-specific cybersecurity regulations?
Consult with an external cybersecurity firm for a standard policy template.
Immediately revise the Acceptable Use Policy (AUP) to reflect generic best practices.
Conduct a gap analysis between current information security practices and updated security policy drafts.
Review current local and regional cybersecurity laws applicable to the states where the organization operates.
|Security Program Management and Oversight
|Threats, Vulnerabilities, and Mitigations
|General Security Concepts