A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A) Executing vendor compliance assessments against the organization's security controls
B) Executing NDAs prior to sharing critical data with third parties
C) Soliciting third-party audit reports on an annual basis
D) Maintaining and reviewing the organizational risk assessment on a quarterly basis
E) Completing a business impact assessment for all critical service providers
F) Utilizing DLP capabilities at both the endpoint and perimeter levels

Question

Quizplus · Accepted Answer

The Answer of A compliance officer of a large organization has reviewed the firm's vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A) Executing vendor compliance assessments against the organization's security controls
B) Executing NDAs prior to sharing critical data with third parties
C) Soliciting third-party audit reports on an annual basis
D) Maintaining and reviewing the organizational risk assessment on a quarterly basis
E) Completing a business impact assessment for all critical service providers
F) Utilizing DLP capabilities at both the endpoint and perimeter levels

A Compliance Officer of a Large Organization Has Reviewed the Firm's