An enterprise is developing a baseline cybersecurity standard its suppliers must meet before being awarded a contract. Which of the following statements is TRUE about the baseline cybersecurity standard?
A.
It should be expressed as general requirements.
B.
It should be expressed as technical requirements.
C.
It should be expressed in business terminology.
A baseline cybersecurity standard should be expressed in technical requirements to ensure clear and measurable expectations for suppliers. This includes specific controls, technologies, and processes that must be implemented.
While general requirements can provide a high-level overview, technical requirements are essential for effective evaluation and enforcement of the standard.
Here's a breakdown of why the other options are less effective:
A. General requirements: Too vague and difficult to enforce.
C. Business terminology: While understanding business needs is important, the standard should focus on technical implementation details.
D. Legal terminology: While legal considerations are important, the primary focus should be on technical requirements to ensure effective security.
Here’s why C. It should be expressed in business terminology is appropriate:
Clarity for Stakeholders: Using business terminology helps ensure that all stakeholders, including suppliers, understand the expectations and the rationale behind them. This approach promotes better alignment and cooperation.
Alignment with Business Objectives: Expressing cybersecurity requirements in business terms ensures that they are seen as integral to achieving business goals, rather than as isolated technical mandates.
Effective Communication: Managers and executives need to communicate security requirements in a way that resonates with the business context, making it easier for suppliers to see the value and necessity of compliance.
Refer to chapter 1 the description of SLA and SLR . It talk about the third party or company
of your supply chain shall has minimum security standards. It relates with business. Technical details was developed by third-party company by following your business requirements. You don't give then the details of Technical.
Think like a manager guys. Using business terminology to express technical security things to other stakeholders is what a manager would do. You don't want to use too technical or even legal terminology when communicating with other stakeholders like suppliers. Business terminology is what you want to use when communicating security baselines to prospective suppliers. Remember, you want to think like an executive or a manager not an engineer.
The correct answer is C - business terminology
The statement that is true regarding the enterprise's baseline cybersecurity standard for suppliers is that it should be expressed in business terminology, option C.
The standard should focus on desired security outcomes in plain business language, rather than technical details or legal jargon. This makes requirements accessible to suppliers without cybersecurity expertise.
Option A is incorrect because general requirements can be too vague. Specific outcomes should be stated.
Option B is incorrect because technical jargon would be hard for suppliers to understand.
Option D is incorrect because legal terminology is overly formal for a cyber baseline.
This the baseline, go general to get the largest supplier audience without giving away details of your cybersecurity and then once some qualify that you can hold accountable set the details.
Clearly an organization will have multiple suppliers for different products and services. A baseline cybersecurity standard will have to be included as part of it's technical requirements.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
deeden
4 months, 3 weeks agoRachy
5 months, 1 week agoChris
5 months, 3 weeks agoRamye
6 months, 1 week agoVasyamba1
9 months, 2 weeks agohomeysl
9 months, 2 weeks agoHongjun
9 months, 4 weeks agogjimenezf
11 months, 3 weeks agoYesPlease
1 year agoSoleandheel
1 year agoSoleandheel
1 year agoInclusiveSTEAM
1 year, 2 months agoWz21
1 year, 3 months agoACunningPlan
1 year, 9 months agoFiredragon
2 years, 1 month agojackdryan
1 year, 7 months agoJamati
2 years, 1 month agordy4u
2 years, 2 months ago