Question

As the information security officer at your organization, you are concerned that a vendor with access to your purchasing application might become compromised and act as a vector through which your systems may be attacked. You want to establish a vendor risk management process. You would most likely engage all of the following groups EXCEPT:_________

a. Procurement
b. Human Resources
c. Legal
d. Vendor Management

Answer 1

Human resources

Step-by-step explanation:

As an information security officer, I need to establish a vendor risk management process. I will have to engage

Procurement - because that department is directly involved in purchasing and dealing with vendors.

Legal - as I am looking to implement a risk management process, a legal department will help out defining the policy and to avert any lawsuits or government systems

Vendor Management - Because that group is directly dealing with vendors for their registration and other processes.

Human resource is not engaged because we are not looking for new manpower for HR to hire / recruit which makes them irrelevant.