Examice

Exam IIA-CIA-Part3 All QuestionsBrowse all questions from this exam

Question 144

According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?

Creating a comprehensive reporting system for vendors to demonstrate their ongoing due diligence in network operations.

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause.

Applying administrative privileges to ensure right-to-access controls are appropriate.

Creating a standing cybersecurity committee to identify and manage risks related to data security.

Correct Answer: B

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause is the best initial step to manage risk when a third party oversees the organization's network and data. This ensures that the third party is contractually obligated to maintain specific security practices and allows the organization to verify compliance through audit rights. This proactive approach helps establish clear expectations and provides the means to monitor and enforce compliance, thereby mitigating risks associated with third-party oversight.

Discussion

WalewweeeedOption: B

B is correct

ElvinOption: B

Why D? Should this be B?

KhetsOption: B

Correct answer is definitely B according to GTAG Assessing cyber security risk

KonradKOption: B

It's B!