An information security manager is assisting in the developmentof the request for proposal (RFP) for a new outsourced service.This will require the third party to
have access to critical business information. The securitymanager should focus PRIMARILY on defining:
A. security metrics
B. service level agreements (SLAs)
C. risk-reporting methodologies
D. security requirements for the process being outsourced
Correct Answer: ?????????????
____________________
â– Answer A (security metrics) is believed to bethe correct one (but often they are not)
â– But I do not believe that answer is the correct one
â– I am undecided on 2 answers:
  1) A. Service Level Agreements(SLAs): defines the level of service you expect from avendor, laying out the \"metrics\" by which service is measured
  2) D. Security Requirements for the processbeing outsourced: Since the process is at the RFP step,the information security manager should focus on securityrequirements
â– Please enter an explanation of why that answer is correct andwhy the others are not.
Many Thanks!
