What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?
Correct Answer: C
To address the issue of the contract not clearly identifying requirements for safeguarding critical data, the best recommendation is to create an addendum to the existing contract. This allows the organization to update and clarify the terms related to the security of critical data without having to cancel the contract or transfer all the risk to the provider. By creating an addendum, the organization can ensure that the necessary security requirements are explicitly stated, thereby protecting its critical data while maintaining the existing business relationship.
An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
Correct Answer: A
Before implementing a security information and event management (SIEM) tool, it is most important to consider the controls to be monitored. This is because the primary function of a SIEM tool is to collect, analyze, and respond to log data from various sources within the organization. Knowing which controls and events need to be monitored helps ensure the SIEM is accurately configured to detect and respond to relevant security incidents. Establishing these controls beforehand allows the organization to tailor the SIEM system to meet specific security needs and regulatory requirements, ensuring effective and meaningful security monitoring. Other factors such as reporting capabilities, vendor contracts, and technical support, while important, are secondary considerations that should follow once the monitoring requirements are clearly defined.
Which of the following is MOST likely to be included in an enterprise security policy?
Correct Answer: A
An enterprise security policy is designed to provide comprehensive guidelines for ensuring the security of an organization’s information systems. Key components of such a policy often include definitions of responsibilities, detailing who is responsible for various aspects of security within the organization. This helps establish clear accountability and ensures that all necessary security measures are properly managed and enforced.
Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?
Correct Answer: D
When an information security manager faces a situation where a legacy application is noncompliant with a regulatory requirement and the business unit lacks the budget for remediation, the first step should be to assess the consequences of noncompliance against the cost of remediation. This assessment provides a clear understanding of the potential risks and consequences associated with noncompliance, as well as the financial implications of addressing the issue. By doing so, the manager can gather the information needed to make informed decisions and prioritize actions effectively. This evaluation is crucial before developing a business case, notifying legal, or advising senior management, as it forms the basis for any subsequent steps in addressing the compliance issue.
Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
Correct Answer: C
Ensuring security is involved in the procurement process is the most effective way to address an organization's security concerns during contract negotiations with a third party. By involving security from the beginning, potential security risks can be identified and mitigated early on. This approach ensures that security requirements are included in the contract and that the third-party vendor is aware of and committed to meeting the organization's security standards. Additionally, involving security in the procurement process can help assess the vendor's security posture and ensure they have adequate controls in place to protect sensitive information and critical assets.