When evaluating third-party applications, which of the following is the GREATEST responsibility of Information Security?
A. Accept the risk on behalf of the organization.
B. Report findings to the business to determine security gaps.
C. Quantify the risk to the business for product selection.
D. Approve the application that best meets security requirements.
Randy but it says GREATEST, not FIRST…
D seems like the greatest to me
I think C happens first and then from qualified products best would be selected. So C seems correct answer.
what about D?