An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?
A. Conduct a risk analysis
B. Escalate to the chief risk officer
C. Conduct a vulnerability analysis
D. Determine compensating controls
A. Conduct a risk analysis
B. Escalate to the chief risk officer
C. Conduct a vulnerability analysis
D. Determine compensating controls