Certified Information Security Manager (CISM) — Question 257
Which of the following is the GREATEST benefit of integrating information security program requirements into vendor management?
Answer options
- A. The ability to meet industry compliance requirements
- B. The ability to define service level agreements (SLAs)
- C. The ability to reduce risk in the supply chain
- D. The ability to improve vendor performance
Correct answer: C
Explanation
The correct answer is C because integrating security requirements into vendor management helps identify and manage the risks associated with vendors, thereby strengthening the supply chain. Options A, B, and D, while important, are secondary benefits that do not directly address risk mitigation, which is crucial in vendor management.