December 23, 2021 by Admin
An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?
- Conduct security assessments of vendors based on value of annual spend with each vendor.
- Meet with the head of procurement to discuss aligning security with the organization’s operational objectives.
- Ask internal audit to conduct an assessment of the current state of third-party security controls.
- Escalate the procurement program gaps to the compliance department in case of noncompliance issues.