CISM Certified Information Security Manager – Question0479

The MOST effective way to ensure that outsourced service providers comply with the organization's information security policy would be:

A. service level monitoring.
B. penetration testing.
C. periodically auditing.
D. security awareness training.

Correct Answer: C

Explanation:

Regular audits can spot any gaps in information security compliance. Service level monitoring can only pinpoint operational issues in the organization’s operational environment. Penetration testing can identify security vulnerabilities but cannot ensure information compliance. Training can increase users’ awareness of the information security policy, but is not more effective than auditing.