Exam CISM Topic 6 Question 361 Discussion

Actual exam question for ISACA's CISM exam
Question #: 361
Topic #: 6
An organization learns that a third party has outsourced critical functions to another external provider. Which of the following is the information security manager's MOST important course of action?

Suggested Answer: C Vote an answer

According to the CISM Review Manual, the information security manager should evaluate the third party's agreements with its external provider to ensure that the security requirements and controls are adequate and consistent with the organization's expectations. Engaging or conducting an audit may be a subsequent step, but not the most important one. Recommending canceling the contract may be premature and impractical.
References = CISM Review Manual, 27th Edition, Chapter 3, Section 3.4.2, page 1431.

by Iris at May 04, 2025, 12:51 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어