CISM Certified Information Security Manager – Question0364

An information security manager has recently been notified of potential security risks associated with a third-party service provider. What should be done NEXT to address this concern?

A.
Conduct a risk analysis
B. Escalate to the chief risk officer
C. Conduct a vulnerability analysis
D. Determine compensating controls

Correct Answer: A