🔥 3-day streak
ISACA CISM — Certified Information Security Manager82 / 121
Question 82 of 121

A financial services firm outsources credit card payment processing to a third-party provider. The contract shifts operational responsibility to the provider, but recent breach headlines have made the firm's leadership nervous about reputational and regulatory consequences if the provider is compromised. The information security manager is asked to characterize the firm's residual exposure after this outsourcing arrangement. Which statement should the security manager convey to leadership?

Reviewed for accuracy · Report an issueNext question