Which of the following should an information security manager do FIRST upon notification of a potential security risk associated with a third-party service provider?
D - While communication with the third-party provider is crucial, it’s not the initial step. Risk analysis should precede escalation. It’s essential to assess the risk. A risk analysis helps evaluate the impact, likelihood, and severity of the potential risk. It informs subsequent actions and decisions.
I'd say it's C. The keyword here being "potential" so the first thing you do is validate what happened and whether it even happened. After that you can decide what to do next.
Then again, if you are notified about the risk associated with a third-party provider (i.e. discovered the risk of relying on their services), then risk analysis is indeed the first thing you should do (B).
Honestly, I'm not 100% sure what the question is asking... :/
Booict, 4 months ago
AlexJacobson, 9 months, 2 weeks ago
AlexJacobson, 9 months, 2 weeks ago
richck102, 1 year ago