CISSP Practice Question (Domain 1: Security and Risk Management)
An organization's CISO discovers that a third-party SaaS vendor processing customer PII has been acquired by a foreign company. The acquiring company is headquartered in a jurisdiction with government data access laws that conflict with the organization's regulatory obligations under GDPR. The vendor contract has 18 months remaining.
What should the CISO do FIRST?
A. Invoke the contract's termination-for-convenience clause and begin immediate vendor transition planning
B. Conduct a risk assessment to evaluate the change in data sovereignty exposure and regulatory compliance impact
C. Require the vendor to migrate all customer data to data centers located within approved jurisdictions
D. Notify the Data Protection Authority and affected customers of the potential cross-border data transfer
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group