Which of the following would be the BEST way for an enterprise to address new legal and regulatory requirements applicable to IT? 

Answer options:

A. Benchmark how other IT organizations are treating the new requirements.
B. Adopt a zero-tolerance approach for noncompliance with regulatory matters.
C. Treat as a risk to be assessed before developing a response.
D. Use a cost-benefit analysis to determine if compliance is warranted.

D