Question 98
Main Page
A new CISO discovers that controls are chosen based only on vendor advice. What is the key issue here?
A. Vendor pricing is too high
B. Lack of internal procurement staff
C. Controls must be selected based on risk and business needs, not vendor preferences
D. Security controls should only be free and open-source