An information security manager has become aware that a third-party provider is not in compliance with the statement of work (SOW). Which of the following is the BEST course of action?
Read the question well: it did not say the ISM suspects or was told of the noncompliance. It categorically says 'He has become aware of the issue'. So the question is asking for the BEST next step. Since he has already assessed the issue (which is how he became aware of it in the first place), option A is out of the window, and since the ISM cannot take executive decisions all by himself, it makes perfect sense that he would pull management in before he acts on the issue, so C is the right answer.
A.
Assessing the extent of the issue should be the first step to understand the problem fully, after which the appropriate course of action can be determined, which may include reporting to senior management, legal personnel, or initiating contract renegotiation as needed.
edmamol
1 month ago
wickhaarry
7 months, 2 weeks ago
oluchecpoint
8 months ago
richck102
11 months, 1 week ago