According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?
A.
Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.
B.
Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.
C.
Applying administrative privileges to ensure right-to-access controls are appropriate.
D.
Creating a standing cybersecurity committee to identify and manage risks related to data security.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Walewweeeed
Highly Voted 3 years, 6 months agofadsinyav
Most Recent 5 days, 15 hours agoKonradK
11 months agoElvin
11 months, 1 week agoKhets
3 years, 3 months ago