Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Isaca Discussions
exam questions

Exam CISM All Questions

View all questions & answers for the CISM exam
Go to Exam

Exam CISM topic 1 question 789 discussion

Actual exam question from Isaca's CISM
Question #: 789
Topic #: 1
[All CISM Questions]

An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?

  • A. Integrate information security risk assessments into the procurement process.
  • B. Invite IT members into regular procurement team meetings to influence best practice.
  • C. Enforce the right to audit in procurement contracts with SaaS vendors.
  • D. Provide regular information security training to the procurement team.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Broesweelies at Feb. 4, 2023, 5:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Booict
3 months ago
Selected Answer: A
A - this ia a proactive approach. Ensures that security concerns are considered from the very beginning, during the decision-making process, rather than after a contract is already in place. C is more to reactive measure.
upvoted 1 times
...
heathsem
7 months, 4 weeks ago
Selected Answer: C
Audit is key here.
upvoted 1 times
...
oluchecpoint
1 year, 2 months ago
Selected Answer: A
A. Integrate information security risk assessments into the procurement process. Integrating information security risk assessments into the procurement process is the most effective way to ensure that procurement decisions consider information security concerns. This approach involves evaluating the security aspects of SaaS solutions before they are procured and implemented.
upvoted 1 times
...
richck102
1 year, 4 months ago
A. Integrate information security risk assessments into the procurement process.
upvoted 1 times
...
karanvp
1 year, 4 months ago
The tricky part in the question is "ensure". This means "ensuring the Procurement decision considers InfoSec and follow it's policies"; ideally this one will be ensured by audit.
upvoted 2 times
...
wello
1 year, 5 months ago
Selected Answer: A
A. Integrate information security risk assessments into the procurement process.
upvoted 1 times
...
CarlLimps
1 year, 8 months ago
Selected Answer: A
A. What they said. Integrate info sec risk assessment to procurement process.
upvoted 3 times
...
Boomers
1 year, 9 months ago
Selected Answer: A
I will go for A. Above explanation is correct.
upvoted 3 times
...
Broesweelies
1 year, 9 months ago
Selected Answer: A
A. Integrating information security risk assessments into the procurement process would be the MOST effective way to help ensure procurement decisions consider information security concerns. This approach would ensure that security risks are evaluated and considered during procurement, leading to more secure procurement decisions.
upvoted 4 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel