When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided? A. Develop metrics for vendor performance. B. Include information security criteria as part of vendor selection. C. Review third-party reports of potential vendors. D. Include information security clauses in the vendor contract. Â Suggested Answer: B This question is in CISM exam For getting Certified Information Security Manager Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams. Trademarks, certification & product names are used for reference only and belong to ISACA.
Please login or Register to submit your answer