Exam CISSP topic 1 question 52 discussion

Third party accessing company assets will need a business need.

without a contract in place business need cannot suffice the requirement to grant network access so, A should be the correct answer

A. all business requirements are addressed during contact negotiation. business needs falls under the one of the many terms in the contact.

Who determines the correct answer ? Seems like Most Voted is C but correct answer is A

While contract negotiation (option A) is an important aspect of engaging with a third-party security service, it is not the BEST explanation when determining whether to provide remote network access to that service. The question specifically asks for the BEST explanation, and in this context, the primary consideration should be the business need (option C). Contract negotiation typically occurs after assessing the business need and deciding to proceed with engaging a third-party security service. During contract negotiation, the terms and conditions of the engagement are discussed and agreed upon, including aspects such as service levels, pricing, confidentiality, liability, and legal obligations. Therefore, while contract negotiation is relevant, option C (business need) is the BEST explanation for deciding whether to provide remote network access to a third-party security service.

Providing remote network access to a third-party security service is a decision that should be made based on the specific business needs and the risks involved. It is important to evaluate the requirements for the service and whether it is critical for the business operations.

The best explanation when determining whether to provide remote network access to a third-party security service is Business Need. Remote network access should only be provided if there is a specific business need that cannot be met without the service. It is important to consider the security implications of providing remote access and to ensure that the third-party service adheres to the organization's security policies and practices.

All business need is addressed in contract negotiation

Surely, business need !

I will select A. Third-Party Security Services Provider (TPSSP) The security roles and responsibilities of TPSSPs for: - Identity and access management - Cloud Workload Protection Platform - Network Security - Data & Storage Security - Assessment - Security Analytics as a Service - Application Security - Security Support Services Normally we need to negotiate roles & responsibilities of TPSSP. Service Level Agreement(SLAs) and types of support (On-site or Remote Access) have to be clarified. Reference : https://www.lexology.com/library/detail.aspx?g=3ed47921-2cfa-4d1b-8615-ad468a1cbc81

Business need is a justification

Vote for C.

Is there a real need

Once the business need is determined, then a connection policy will be made.

Answer is A For e.g , When working with a 3rd party on an internal project , if they need VPN access to meet the business need , the access is granted a part of contract negotiation .