Certified Information Security Manager (CISM) — Question 1105

Which of the following considerations is MOST important when selecting a third-party intrusion detection system (IDS) vendor?

Answer options

• A. The vendor’s proposal aligns with the objectives of the organization
• B. The vendor’s proposal allows for contract modification during technology refresh cycles
• C. The vendor’s proposal requires the provider to have a business continuity plan (BCP)
• D. The vendor’s proposal allows for escrow in the event the third party goes out of business

Correct answer: A

Explanation

The correct answer is A because aligning the vendor's proposal with the organization's objectives ensures that the IDS will effectively meet the specific security needs of the organization. Options B, C, and D are important considerations but do not directly address the primary goal of ensuring the IDS fulfills the organization's security strategy.