A major trading partner with access to the internal network is unwilling or unable to remediate
serious information security exposures within its environment. Which of the following is the BEST
recommendation?
A. Sign a legal agreement assigning them all liability for any breach
B. Remove all trading partner access until the situation improves
C. Set up firewall rules restricting network traffic from that location
D. Send periodic reminders advising them of their noncompliance
Explanation:
It is incumbent on an information security manager to see to the protection of their organization’s
network, but to do so in a manner that does not adversely affect the conduct of business. This can
be accomplished by adding specific traffic restrictions for that particular location. Removing all
access will likely result in lost business. Agreements and reminders do not protect the integrity of
the network.