Certified in Risk and Information Systems Control (CRISC) — Question 241

Which of the following is the MOST critical security consideration when an enterprise outsource is major part of IT department to a third party whose servers are in foreign company?

Answer options

• A. A security breach notification may get delayed due to time difference
• B. The enterprise could not be able to monitor the compliance with its internal security and privacy guidelines
• C. Laws and regulations of the country of origin may not be enforceable in foreign country
• D. Additional network intrusion detection sensors should be installed, resulting in additional cost

Correct answer: C

Explanation

The correct answer is C because laws and regulations that apply in the enterprise's home country may not have jurisdiction or applicability in the foreign country where the servers are located. This creates significant risks regarding compliance and legal enforcement. Options A, B, and D are less critical, as they pertain to operational challenges rather than fundamental legal and compliance issues.