What is the BEST course of action when an information security manager finds an external service provider has not implemented adequate controls for safeguarding the organization’s critical data?
A. Assess the impact of the control gap.
B. Initiate contract renegotiations.
C. Purchase additional insurance.
D. Conduct a controls audit of the provider.
A. Assess the impact of the control gap.
B. Initiate contract renegotiations.
C. Purchase additional insurance.
D. Conduct a controls audit of the provider.