Certified Information Security Manager (CISM) — Question 1164

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Answer options

• A. The vendor must be able to amend data
• B. The vendor must agree to the organization's information security policy
• C. Data is encrypted in transit and at rest at the vendor site
• D. Data is subject to regular access log review

Correct answer: B

Explanation

The correct answer is B because ensuring that the vendor adheres to the organization's information security policy is crucial for maintaining data integrity and compliance. While options A, C, and D are important considerations, they are secondary to establishing a clear agreement on security policies, which governs the overall handling of the data.