Certified Information Security Manager (CISM) — Question 360
An organization is increasingly using Software as a Service (SaaS) to replace in-house hosting and support of IT applications. Which of the following would be the MOST effective way to help ensure procurement decisions consider information security concerns?
Answer options
- A. Integrate information security risk assessments into the procurement process.
- B. Invite IT members into regular procurement team meetings to influence best practice.
- C. Enforce the right to audit in procurement contracts with SaaS vendors.
- D. Provide regular information security training to the procurement team.
Correct answer: A
Explanation
The correct answer, A, integrates information security risk assessments into the procurement workflow, ensuring that security concerns are systematically evaluated. Options B and D, while helpful for fostering awareness, do not directly embed security analysis into procurement decisions. Option C, while important for oversight, does not ensure that risks are considered during the initial procurement phase.