Multiple Choice
An infrastructure team within an energy organization is at the end of a procurement process and has selected a vendor's SaaS platform to deliver services. As part of the legal negotiation, there are a number of outstanding risks, including: There are clauses that confirm a data retention period in line with what is in the energy organization's security policy. The data will be hosted and managed outside of the energy organization's geographical location. The number of users accessing the system will be small, and no sensitive data will be hosted in the SaaS platform. Which of the following should the project's security consultant recommend as the NEXT step?
A) Develop a security exemption, as the solution does not meet the security policies of the energy organization.
B) Require a solution owner within the energy organization to accept the identified risks and consequences.
C) Mititgate the risks by asking the vendor to accept the in-country privacy principles and modify the retention period.
D) Review the procurement process to determine the lessons learned in relation to discovering risks toward the end of the process.
Correct Answer:
Verified
Correct Answer:
Verified
Q382: A company wants to configure its wireless
Q383: Ann, a terminated employee, left personal photos
Q384: Ann, a corporate executive, has been the
Q385: A network engineer is upgrading the network
Q386: A large company with a very complex
Q388: A threat advisory alert was just emailed
Q389: Ann, a member of the finance department
Q390: A security analyst is reviewing the following
Q391: A legacy web application, which is being
Q392: During the decommissioning phase of a hardware