Which of the following presents the GREATEST challenge to information risk management when outsourcing IT function to a third party?

Which of the following presents the GREATEST challenge to information risk management when outsourcing IT function to a third party?
A . It is difficult to know the applicable regulatory requirements when data is located on another country.
B . Providers may be reluctant to share technical delays on the extent of their information protection mechanisms.
C . Providers may be restricted from providing detailed ^formation on their employees.
D . It is difficult to determine vendor financial viability to assess their potential inability to meet
contract requirements.

View Answer

Answer: B

Explanation:

The GREATEST challenge to information risk management when outsourcing IT function to a third party is that providers may be reluctant to share technical details on the extent of their information protection mechanisms. This is because providers may consider their information protection mechanisms as proprietary or confidential, or may not want to reveal their weaknesses or vulnerabilities. This makes it difficult for the outsourcing organization to assess the level of security and compliance of the provider, and to monitor and audit their performance. The other options are not as challenging as providers being reluctant to share technical details, because they either involve legal or contractual aspects that can be clarified or negotiated before outsourcing (A, D), or human resource aspects that can be verified or validated by the provider C.