CISM Certified Information Security Manager – Question 1125

Before engaging outsourced providers, an information security manager should ensure that the organization's data classification requirements:

A. are compatible with the provider's own classification.
B. are communicated to the provider.
C. exceed those of the outsourcer.
D. are stated in the contract.

Correct Answer: D

Explanation:

The most effective mechanism to ensure that the organization's security standards are met by a third party would be a legal agreement. Choices A, B and C are acceptable options, but not as comprehensive or as binding as a legal contract.