Certified Information Security Manager (CISM) — Question 411

Which of the following is MOST important for an information security manager to verify when selecting a third-party forensics provider?

Answer options

• A. Existence of a right to audit clause
• B. Technical capabilities of the provider
• C. Results of the provider's business continuity tests
• D. Existence of the provider's incident response plan

Correct answer: B

Explanation

The technical capabilities of the provider are essential because they determine the effectiveness and reliability of the forensic services offered. While the other options are important, they do not directly impact the provider's ability to perform forensic analysis effectively, which is critical in security incident investigations.