Effective CISSP Questions

Information security is crucial to organizations in both the private and public sectors. When organizations acquire resources, which of the following is not a major organizational concern about a foreign interest that may directly or indirectly affect the supplier? (Wentz QOTD)
A. The ownership of the supplier
B. The control over the election of the supplier’s board of directors
C. The security posture of the supplier
D. The influence toward the governing body of the supplier

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. The security posture of the supplier.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security, a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

This question is designed to highlight the regulatory requirements as per 32 CFR § 2004.34 – Foreign ownership, control, or influence (FOCI). Even though CISSP is a neutral certification and not US-specific, it’s good for every organization to address the FOCI concern.

In this question, we are dealing with or evaluating the supplier under FOCI. The focus should be on the ownership, control, and influence of foreign entities. The security posture of the supplier is not a major concern related to FOCI.

Security Posture

The security status of an enterprise’s networks, information, and systems based on information security resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.

Source(s): NIST SP 800-128 under Security Posture from CNSSI 4009 – Adapted


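Information security is crucial to organizations in both the private and public sectors. When organizations acquire resources, which of the following is not a major organizational concern about a foreign interest that may directly or indirectly affect the supplier? (Wentz QOTD)
A. The ownership of the supplier
B. The control over the election of the supplier’s board of directors
C. The security posture of the supplier
D. The influence toward the governing body of the supplier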
