Watch this video on YouTube
What should be the first course of action for an information security manager when an organization is subject to a new regulatory requirement?