Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise’s information security policy?


A. Penetration testing

B. Service level monitoring

C. Security awareness training

D. Periodic audits

Explanation:

Because regular audits can spot gaps in information security compliance, periodic audits can ensure that
outsourced service providers comply with the enterprise’s information security policy.

Answer C is incorrect. Training can increase user awareness of the information security policy,
but is less effective than periodic auditing.

Answer A is incorrect. Penetration testing can identify security vulnerabilities, but cannot ensure
information compliance.

Answer B is incorrect. Service level monitoring can only identify operational issues in the
enterprise’s operational environment. It does not play any role in ensuring that outsourced service
providers comply with the enterprise’s information security policy.


