CISM Certified Information Security Manager – Question0587

Which of the following would provide the MOST effective security outcome in an organization’s contract management process?

A.
Extending security assessment to include random penetration testing
B. Extending security assessment to cover asset disposal on contract termination
C. Performing vendor security benchmark analyses at the request-for-proposal stage
D. Ensuring security requirements are defined at the request-for-proposal stage

Correct Answer: C