In: Computer Science
Of the following, who should have PRIMARY responsibility for assessing the security risk associated with an outsourced cloud provider contract?
A. Information security manager
B. Compliance manager
C. Chief information officer
D. Service delivery manager
Correct Answer: A????? or C????? or D???????
______________________
Note
■ Some websites claim that the correct answer is "D" ("Service delivery manager").
■ Others websites claim that the correct answer is "C" ("Chief information officer"). I found also this article on the web "It is the responsibility of the Vendor Risk Management Group to update, review and maintain this policy. The Vendor Risk Management Group consists of the Chief Information Officer, the Chief Financial Officer and the Chief Risk Officer" (https://www.audit.nsw.gov.au/sites/default/files/auditoffice/Governance-and-Policies---Current/Third-Party-Security-Policy.pdf). SO THIS ANSWER COULD BE OK…..
■ To be honest I replied with "A" ("Information security manager")
■ What do you think about that?
Ans- A. Information security manager
It's clearly information security manager because it is information security manager who is responsible for protecting the the organisation computer network and data against the the security breaches all type of viruses or hacker attacks or things associated with these.
It's Information security manager primary responsibility. Other options given have diffrent primary resposibility than assessing the security risk.
Service delivery manager I have responsibilities of delivery of service and responsibility of performance and quality of the services it doesn't includes accessing security risks.
Chief information officer is responsible for management and implementation. it is also responsible for the computer technologies companies are using.
though some new responsibilities given to chief information officer but the primary responsibility for accessing security risk is given to information security manager.
i hope it is clear.
If you have any doubt you can comment.
like if you got your answer.