The service level agreement (SLA) for an outsourced IT function does not reflect an adequate
level of protection. In this situation an information security manager should:
A.
ensure the provider is made liable for losses.
B.
recommend not renewing the contract upon expiration.
C.
recommend the immediate termination of the contract.
D.
determine the current level of security.
Explanation:
It is important to ensure that adequate levels of protection are written into service level
agreements (SLAs) and other outsourcing contracts. Information must be obtained from providers
to determine how that outsource provider is securing information assets prior to making any
recommendation or taking any action in order to support management decision making. Choice A
is not acceptable in most situations and therefore not a good answer.