CISSP Practice Question (Domain 1: Security and Risk Management - Third-Party Risk)
Your SaaS CRM vendor notifies you that a subprocessor they rely on for email delivery suffered a breach. Your customer contact data was likely exposed. The vendor cannot yet confirm scope or timeline. What should the CISO do FIRST?
A. Notify affected customers within 72 hours to meet GDPR deadlines
B. Trigger the incident response plan and engage legal counsel on breach notification obligations
C. Terminate the contract with the CRM vendor for failing to secure its supply chain
D. Demand the subprocessor provide forensic evidence directly to your security team
Come back for the answer tomorrow, or study more now!
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group