When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
A.
Data is encrypted in transit and at rest at the vendor site.
B.
Data is subject to regular access log review.
C.
The vendor must be able to amend data.
D.
The vendor must agree to the organization's information security policy,
When granting remote access to confidential information to a vendor, the most important security consideration is to ensure that the vendor complies with the organization’s information security policy. The information security policy defines the roles, responsibilities, rules, and standards for accessing, handling, and protecting the organization’s information assets. The vendor must agree to the policy and sign a contract that specifies the terms and conditions of the access, the security controls to be implemented, the monitoring and auditing mechanisms, the incident reporting and response procedures, and the penalties for non-compliance or breach. The policy also establishes the organization’s right to revoke the access at any time if the vendor violates the policy or poses a risk to the organization.
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit