Which of the following should an information security manager do FIRST upon notification of a potential security risk associated with a third-party service provider? A. Determine risk treatment options. B. Conduct a vulnerability analysis. C. Escalate to the third-party provider. D. Conduct a risk analysis. Suggested Answer: D This question is in CISM exam For getting Certified Information Security Manager Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by ISACA. The website does not contain actual questions and answers from ISACA's Certification Exams. Trademarks, certification & product names are used for reference only and belong to ISACA.
Please login or Register to submit your answer