Certified Information Security Manager (CISM) — Question 387
Which of the following is an information security manager’s MOST important consideration when exploring the use of a third-party provider to handle an IT function?
Answer options
- A. The provider carries cyber insurance to cover security breaches.
- B. The provider agrees to provide historical security incident data.
- C. The provider’s security processes align with the organization’s.
- D. The provider has undergone an independent security review.
Correct answer: C
Explanation
The correct answer is C because ensuring that the provider’s security processes align with the organization’s is crucial for maintaining security standards. While cyber insurance (A), historical security incident data (B), and independent security reviews (D) are important, they do not directly address the integration of security practices, which is vital for effective risk management.