IIA-CIA-Part3 Exam - Question 144


According to IIA guidance, which of the following would be the best first step to manage risk when a third party is overseeing the organization's network and data?

Correct Answer: BD

Drafting a strong contract that requires regular vendor control reports and a right-to-audit clause is the best initial step to manage risk when a third party oversees the organization's network and data. This ensures that the third party is contractually obligated to maintain specific security practices and allows the organization to verify compliance through audit rights. This proactive approach helps establish clear expectations and provides the means to monitor and enforce compliance, thereby mitigating risks associated with third-party oversight.

Discussion

4 comments
Walewweeeed (Option: B)
Jul 6, 2021

B is correct

Khets (Option: B)
Nov 1, 2021

Correct answer is definitely B according to GTAG Assessing cyber security risk

Elvin (Option: B)
Feb 29, 2024

Why D? Should this be B?

KonradK (Option: B)
Mar 4, 2024

It's B!