CISM: Outsourcing And Third-party Service Providers
25 Questions

1. Before executing the contract, the information security manager should do what?
2. What is the most important aspect a security manager should consider while entering into an agreement with a third-party service provider?
3. An organization is planning to provide access to a third-party service provider. Which of the following should be the first step?
4. An organization has renewed an agreement with a third-party service provider every year for the last 5 years without changing any agreement clauses. Recently, however, complaints have been received concerning security lapses on the part of the service provider. Which of the following actions is the FIRST one that the information security manager should take in this situation?
5. The organization has provided access to its system to a supplier to remotely access important business data. What is the most effective way to ensure that the supplier does not improperly access or modify the database?
6. What area is of the most concern for a security manager when payroll processes are outsourced to a third-party service provider?
7. The information security policy of the organization requires independent assessment for all third parties associated with the organization. What should the security manager ensure is included in the contract?
8. What area is of most concern for a security manager when an organization is storing sensitive data with a third-party cloud service provider?
9. When selecting a third-party service provider, when is a request for proposal (RFP) to be issued?
10. Which of the following is the most important clause to be included in an SLA for outsourcing an IT support service?
11. Which of the following is best to be included in the service-level agreement to ensure that the confidentiality requirement is complied with by the third-party service provider?
12. What is the most important aspect a security manager should consider while entering an agreement with a third-party service provider?
13. What is the most difficult factor to determine while conducting a security review of an offshore service provider?
14. When sensitive data is stored at a third-party location, the security manager will require which of the following?
15. What is the best way to ensure that outsourced service providers comply with the organization's information security policy?
16. The information security manager is reviewing the outsourcing arrangement. Which of the following is the most critical contractual element?
17. The organization is unable to convince one of its major trading partners to comply with its security requirements. What is the best course of action for the security manager?
18. What is the most important factor before outsourcing customer relationship management to a third-party service provider?
19. What is the most important area for an information security manager when selecting a third-party service provider for a critical business function?
20. The information security manager should be involved in the outsourcing arrangement at which point?
21. From a security perspective, which of the following is the most important aspect that needs to be negotiated with a third-party service provider?
22. What is the most important area for an information security manager when selecting a cloud service provider?
23. An organization shares critical data with a third-party service provider for processing. What should the security manager primarily ensure regarding the data classification requirements of the organization?
24. A third-party service provider handles sensitive customer data. The security manager is most likely to be interested in which of the following?
25. When addressing the resolution of an operational issue, what is the most important aspect to be included in the service-level agreement?