CISM Certified Information Security Manager – Question0151

The effectiveness of the information security process is reduced when an outsourcing organization:

A.
is responsible for information security governance activities
B. receives additional revenue when security service levels are met
C. incurs penalties for failure to meet security service-level agreements
D. standardizes on a single access-control software product

Correct Answer: A