CISM Certified Information Security Manager – Question 1276

Over the last year, an information security manager has performed risk assessments on multiple third-party vendors. Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?

A. Corresponding breaches associated with each vendor
B. Compensating controls in place to protect information security
C. Compliance requirements associated with the regulation
D. Criticality of the service to the organization

Correct Answer: B