Which of the following is the MOST critical activity to ensure the ongoing security of outsourced IT services?
A. Provide security awareness training to the third-party provider’s employees
B. Conduct regular security reviews of the third-party provider
C. Include security requirements in the service contract
D. Request that the third-party provider comply with the organization’s information security policy
Explanation:
Regular security audits and reviews of the provider’s practices, carried out to prevent potential information security damage, help verify the security of outsourced services. Depending on the type of services outsourced, security awareness training may not be necessary. Security requirements should be included in the contract, but what is most important is verifying that the provider meets those requirements. It is not necessary to require the provider to fully comply with the policy if only some of the policy is related and applicable.