Which of the following is an information security manager's BEST recommendation to senior management following a breach at the organization's Software as a Service (SaaS) vendor?
While I was torn between D and A, I am going with D because we want to see the security posture after the incident (breach), which I believe the senior management will care about, not some litigation or liability issue.
Bad question. What were the recommendations? Sort of legal, technical, or assessment? Answers are varied based on the objectives of recommendations, which we do not know.
SaaS, only the data is yours. It is a shared responsibility; renegotiating the contract is of no use here, and updating the vendor risk assessment can't be done here as risk assessment of the vendor happens before contract sign-off. It's a battle of the barristers.
Updating the risk assessment could lead to engaging legal counsel as part of a comprehensive response plan, making it a more encompassing recommendation.
Well, torn between A and D. But I'm leaning towards A since it asks for a recommendation for SENIOR MANAGEMENT. Senior management must look to protect itself and the business from the fallout of the breach through legal means if necessary.
Sure, the vendor risk assessment should now definitely be updated (as they have proven a more risky investment), but I feel that legal should be involved... dunno, not 100% sure...
As an information security manager, my best recommendation to senior management following a breach at the organization's SaaS vendor would be to choose option D: Update the vendor risk assessment.
Updating the vendor risk assessment is crucial because it allows the organization to assess the impact and severity of the breach on its data and systems. It also helps in evaluating the vendor's security measures and determining whether they meet the organization's security requirements.
Engaging legal counsel may be necessary depending on the severity of the breach, but it should not be the immediate priority. Terminating the relationship with the vendor might be considered, but it may not be the best solution if the vendor is willing to address the issue and enhance their security measures.
Engaging legal counsel can be an important step following a breach at a Software as a Service (SaaS) vendor. However, the question asks for the information security manager's BEST recommendation to senior management, and in this context, updating the vendor risk assessment would be a more immediate and relevant action.
I think Option D - Please share your opinions
An information security breach would typically trigger the need for another risk assessment to be conducted. Conducting a risk assessment after an information security breach is an important step to reassess and evaluate the organization's risk landscape in light of the incident. The purpose of the post-breach risk assessment is to identify any new or heightened risks that may have emerged as a result of the breach, reassess the impact and likelihood of existing risks, and determine the effectiveness of current control measures.
Engage Legal Counsel following a breach would be the best recommendation to SENIOR MANAGEMENT in my opinion, because litigation will concern them more than updating the risk assessment.
The correct answer is (A) Engage legal counsel, as we must now interact with the SaaS provider in a way that may turn litigious.
Rationale:
B. Terminating the relationship with the vendor does not absolve the organization from the security breach responsibilities.
C. Renegotiate the vendor contract may be in the cards, but this has to be done after the situation is resolved.
D. Update the vendor risk assessment is something that should have been done proactively, not after the fact. Doing this at this part of the stage is a bit late.
I would choose A. Engage legal counsel. Yes, you can update the vendor risk thing, but is that the best thing to recommend to senior leadership? I think it's A.
mdmdmd, 20 hours, 42 minutes ago
Josef4CISM, 2 days, 23 hours ago
Thavee, 2 months, 4 weeks ago
yottabyte, 3 months, 2 weeks ago
yottabyte, 3 months, 3 weeks ago
jcisco123, 5 months ago
AlexJacobson, 5 months, 2 weeks ago
Uncle_Lucifer, 7 months ago
koala_lay, 10 months ago
richck102, 1 year ago
Saisharan, 1 year, 1 month ago
jcmu11, 1 year, 1 month ago
mad68, 1 year, 1 month ago
Dravidian, 1 year, 2 months ago
dark_3k03r, 1 year, 2 months ago
Tsubasa1234, 1 year, 3 months ago
CarlLimps, 1 year, 3 months ago