2d (edited) • 🙋♂️ CISSP
CISSP Question
A global manufacturing firm is under pressure to adopt a new AI-based supply chain optimization tool from a startup to remain competitive. The startup refuses to allow a third-party security audit of its source code, citing intellectual property protection, but offers a standard Service Level Agreement (SLA) with 99.9% availability. What is the BEST approach for the Security Manager to manage the risk of this acquisition?
Options:
A. Negotiate a "Software Escrow" agreement and include specific "Right to Audit" clauses in the final contract.
B. Require the startup to provide a recent SOC 2 Type II report and a summary of their last penetration test.
C. Implement a "Sandboxed" environment for the software to run in isolation from the corporate network.
D. Conduct a "Vendor Risk Assessment" to determine the criticality of the data the software will process.
0
3 comments
CISSP Question
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+35
2
+31
3
+28
4
+26
5
+25
Powered by