The MOST effective way to ensure that outsourced service providers comply with the organization’s information
security policy would be:
A.
service level monitoring.
B.
penetration testing.
C.
periodically auditing.
D.
security awareness training.
Explanation:
Regular audit exercise can spot any gap in the information security compliance. Service level monitoring can only pinpoint operational issues in the organization’s operational environment. Penetration testing can identify security vulnerability but cannot ensure information compliance Training can increase users’ awareness on the information security policy, but is not more effective than auditing.