A finance department director has decided to outsource the organization's budget application and has identified potential providers. Which of the following actions should be initiated FIRST by the information security manager?
A. Determine the required security controls for the new solution
B. Review the disaster recovery plans (DRPs) of the providers
C. Obtain audit reports on the service providers' hosting environment
D. Align the roles of the organization's and the service providers' staff
Before outsourcing any application or service, an information security manager should first determine the required security controls for the new solution, based on the organization’s risk appetite, security policies and standards, and regulatory requirements. This will help to evaluate and select the most suitable provider, as well as to define the security roles and responsibilities, service level agreements (SLAs), and audit requirements.
References:
https://www.isaca.org/credentialing/cism
https://www.wiley.com/en-us/CISM+Certified+Information+Security+Manager+Study+Guide-p-9781119801948