Which of the following would BEST satisfy the objectives defined by the compliance officer?

A compliance officer of a large organization has reviewed the firm’s vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties.

Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.)
A. Executing vendor compliance assessments against the organization’s security controls
B. Executing NDAs prior to sharing critical data with third parties
C. Soliciting third-party audit reports on an annual basis
D. Maintaining and reviewing the organizational risk assessment on a quarterly basis
E. Completing a business impact assessment for all critical service providers
F. Utilizing DLP capabilities at both the endpoint and perimeter levels

Answer: A, C
