Certified Information Security Manager (CISM) — Question 965
Which of the following is the MOST effective way to ensure the security of services and solutions delivered by third-party vendors?
Answer options
- A. Review third-party contracts as part of the vendor management process.
- B. Perform an audit on vendors' security controls and practices.
- C. Integrate risk management into the vendor management process.
- D. Conduct security reviews on the services and solutions delivered.
Correct answer: C
Explanation
Integrating risk management into the vendor management process allows for a comprehensive approach to identifying, assessing, and mitigating risks associated with third-party services. Reviewing contracts, auditing vendors, and conducting security reviews are important, but they are more reactive measures than embedding risk management into the overall vendor management strategy, which is proactive.