CISSP Practice Question – Third-Party & Supply Chain Risk
Your company relies on a critical SaaS provider for customer onboarding. During a routine review, you learn the provider has added a new sub-processor in a high-risk jurisdiction. Your current contract lacks explicit audit/assessment rights for sub-processors, and the business cannot tolerate downtime on this service.
What should the security manager do FIRST?
A. Issue a risk exception and document acceptance until renewal.
B. Perform a targeted supplier risk assessment focused on the new sub-processor and data flows.
C. Terminate the relationship and move to a contingency provider.
D. Purchase cyber insurance to transfer exposure.
Vincent Primiani
CISSP Study Group
skool.com/cybersecurity-study-group