Over the last year, an information security manager has performed risk assessments on multiple third-party vendors.

Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
A . Criticality of the service to the organization
B . Compliance requirements associated with the regulation
C . Compensating controls in place to protect information security
D . Corresponding breaches associated with each vendor

Answer: A

Explanation:

The level of risk associated with each vendor is its residual risk, i.e. the risk that remains after the vendor's controls are applied (CRISC RM, 6th ed.: Residual Risk = Inherent Risk − Cumulative Effect of Controls). Inherent risk is the current risk before any control is applied (that is, before the vendor's controls), so it is the same quantity in the equation for every vendor. The effect of controls, the value supplied by the vendor, differs from vendor to vendor. For example:

Vendor 1: Residual Risk1 = Inherent (current) Risk − Effect of Vendor 1's controls

Vendor 2: Residual Risk2 = Inherent (current) Risk − Effect of Vendor 2's controls
