What is the BEST way to ensure that contract programmers comply with organizational security
policies?
A.
Explicitly refer to contractors in the security standards
B.
Have the contractors acknowledge in writing the security policies
C.
Create penalties for noncompliance in the contracting agreement
D.
Perform periodic security reviews of the contractors
Explanation:
Periodic reviews are the most effective way of obtaining compliance. None of the other options
detects the failure of contract programmers to comply.