Certified Information Security Manager (CISM) — Question 883
Which of the following would provide the MOST effective security outcome in an organization's contract management process?
Answer options
- A. Extending security assessment to cover asset disposal on contract termination
- B. Ensuring security requirements are defined at the request-for-proposal (RFP) stage
- C. Extending security assessment to include random penetration testing
- D. Performing vendor security benchmark analyses at the request-for-proposal (RFP) stage
Correct answer: B
Explanation
Option B is correct because defining security requirements at the RFP stage integrates security considerations from the outset of the contract process, which enhances overall security. The other options, while beneficial, do not address the foundational step of planning security at the beginning of the contractual relationship.