An organization has outsourced its IT security operations to a third party. Who is ULTIMATELY accountable for the risk associated with the outsourced operations?
A. The organization’s vendor management office
B. The organization’s management
C. The control operators at the third party
D. The third party’s management
A. The organization’s vendor management office
B. The organization’s management
C. The control operators at the third party
D. The third party’s management