Including security requirements in procurement and contractual agreements ensures that the vendor aligns with the organization's security expectations and that associated costs are transparently understood and budgeted.
Importance
Security measures, such as compliance with standards, encryption requirements, and patch management, often incur additional costs that need to be accounted for upfront.
This avoids disputes or unexpected expenditures later in the relationship.
Comparison of Options
A. Added on after the process is completed: Security must be a part of initial planning, not an afterthought.
C. Aligns with the vendor’s security process: The vendor should align with the organization's security needs, not vice versa.
D. Includes patching costs: Patch management may be part of security requirements but is not the primary reason for inclusion in contracts.
EC-Council References
EC-Council emphasizes cost clarity and the integration of security in procurement processes to avoid gaps in security coverage.