List four of the nine recommendations in the EBK for a secure procurement process.
What will be an ideal response?
1. Collaborate with various stakeholders (which may include internal client, lawyers, CIOs, CISOs, IT security professionals, privacy professionals, security engineers, suppliers, and others) on the procurement of IT security products and services
2. Ensure the inclusion of risk-based IT security requirements in acquisition plans, cost estimates, statements of work, contracts, and evaluation factors for award, service level agreements, and other pertinent procurement documents
3. Ensure that suppliers understand the importance of IT security
4. Ensure that investments are aligned with enterprise architecture and security requirements
5. Conduct detailed IT investment reviews and security analyses, and review IT investment business cases for security requirements
6. Ensure that the organization's IT contracts do not violate laws and regulations, and require compliance with standards when applicable
7. Specify policies for use of third party information by vendors/partners, and connection requirements/acceptable use policies for vendors that connect to networks
8. Ensure that appropriate changes and improvement actions are implemented as required
9. Whenever applicable, calculate return on investment (ROI) of key purchases related to IT infrastructure and security