An information security team is planning a security assessment of an existing vendor. Which of the following approaches is MOST helpful for properly scoping the assessment?
A.
Review the vendor’s security policy.
B.
Review controls listed in the vendor contract.
C.
Focus the review on the infrastructure with the highest risk.
D.
Determine whether the vendor follows the selected security framework rules.
My answer is B. Focus on the controls listed in the vendor contract ensures that the assessment is aligned with the agreed-upon security requirements. Whereas the option A, reviewing the security policy alone might not give a comprehensive view of the actual controls in place or their effectiveness.
Since it's existing vendor, reviewing the list of controls in the contract will provide the most appropriate scope. Others may be more relevant for new vendor.
c is the answer... scope their services and risk present to the business
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Booict
3 months, 3 weeks agoSoleandheel
12 months agorichck102
1 year, 1 month agoBennyMao
1 year, 2 months agoSaisharan
1 year, 3 months agoEwunia
1 year, 3 months agoAidanSun
1 year, 3 months agoRowlandmarc
1 year, 3 months ago