Which policy area governs the secure procurement of assets and services, ensuring purchases come from authorized suppliers?

Prepare for the Information Security Principles and Frameworks Test.

Multiple Choice


Explanation:

Secure procurement from authorized suppliers is governed by Acquisition/Procurement. This area covers the process of obtaining IT assets and services, including vendor selection, approvals, contract terms, licensing, and ongoing supplier management. By defining who can purchase, which suppliers are approved, and what security and compliance requirements they must meet, it helps ensure that purchases come from trusted sources and that the acquired assets meet security standards. It also supports checks and balances like vendor vetting, contract review, and post-purchase oversight to reduce supply-chain risk and prevent unauthorized or unvetted acquisitions.

Standard Naming Convention focuses on consistent labeling of assets for inventory and tracking, not on who is authorized to procure them. Monitoring/Asset Tracking deals with knowing where assets are and their status after purchase. Zero Trust is a security model about verifying every access attempt regardless of location, rather than governing how assets and services are procured.
