Mysystem.org IT ExamsCISM Question 157 2017-04-06
Question: An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:
A.) an audit of the service provider uncovers no significant weakness.
B.) the contract includes a nondisclosure agreement (NDA) to protect the organization’s intellectual property.
Answer ==> C.) the contract should mandate that the service provider will comply with security policies.
D.) the third-party service provider conducts regular penetration testing.