An organization is considering using a third party to host sensitive archived data. Which of the following is MOST important to verify before entering into the relationship?
A.
Independent audits of the vendor’s operations are regularly conducted.
B.
The vendor’s controls are in line with the organization’s security standards.
C.
The encryption keys are not provided to the vendor.
D.
The vendor’s data centers are in the same geographic region.
B. The vendor’s controls are in line with the organization’s security standards.
When an organization is considering using a third party to host sensitive archived data, it is important to verify that the vendor's controls are in line with the organization's security standards. This includes reviewing the vendor's security policies, procedures, and technical controls to ensure that they meet or exceed the organization's own standards for data protection. This will help ensure that the organization's sensitive data is protected from unauthorized access, alteration, or destruction.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Syma
2 months, 1 week agorichck102
1 year, 1 month agoBroesweelies
1 year, 6 months ago