Certified Information Security Manager (CISM) — Question 284
Which of the following BEST indicates the effectiveness of the vendor risk management process?
Answer options
- A. Increase in the percentage of vendors certified to a globally recognized security standard
- B. Increase in the percentage of vendors with a completed due diligence review
- C. Increase in the percentage of vendors conducting mandatory security training
- D. Increase in the percentage of vendors that have reported security breaches
Correct answer: B
Explanation
B is the best indicator because a completed due diligence review shows that vendors have been thoroughly evaluated for risks. The other options, while important, do not directly measure the effectiveness of the risk management process itself; for instance, an increase in breaches (D) indicates failure rather than success.