Effective CISSP Questions

Your company is considering purchasing new tablets to support salespeople and boost sales. As a senior procurement manager, you are framing the risk context of the information and communications technology supply chain risk management (ICT SCRM). Which of the following should you consider first?
A. Mission functions
B. Types of suppliers (COTS, external service providers, or custom, etc.)
C. Strategic supplier relationships
D. Technologies used organization-wide

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Strategic supplier relationships.

ICT SCRM is one of the most crucial topics in risk management. As you are framing or establishing the risk context, typically conducted at the organization level, the primary concerns are about the overall, high-level strategy.

Technologies used organization-wide are a concern at the information systems level. The risk management strategy may provide some guidance for evaluating technologies, but it does not cover the technologies themselves.

Mission functions imply that the organization in question is a government department or agency; the wording “mission/business functions” would be much better. Mission/business functions and processes are tier 2 (Mission/Business Processes) concerns that give feedback to, or inform, the organization-level decisions. However, there are other inputs and strategic issues that should be addressed first when framing the risk context.

Suppliers matter. The risk management strategy should consider the impact of external entities and provide guidance on how to establish a trust relationship with them. Considering only the “types” of suppliers is too limited. Types of suppliers address the business requirements; e.g., a cloud service provider cannot meet your need to maintain the service level of your on-premise ERP.

