A cloud security manager at a financial institution is negotiating a new service level agreement (SLA) with a third-party cloud service provider. Which component should be included in the SLA to best protect the organization's interests during a security incident?
Requirement for the provider to hire security professionals with specific certifications
Definition of response time requirements for security incidents based on severity levels
Mandate for quarterly security assessments of the provider's environment
Specification of hardware brands the provider must use in their infrastructure
The correct answer is the definition of response time requirements for security incidents. Service-Level Agreements (SLAs) should clearly define how quickly the service provider must respond to different types of security incidents based on their severity. This is crucial because during a security incident, time is critical, and delays in response can significantly increase the impact and damage. A well-crafted SLA will categorize incidents by severity and specify different response time commitments for each level.
The other options, while they may be important in other contexts, are not as effective for protecting an organization during a security incident:
Specifying hardware brands for the provider's infrastructure is too prescriptive and doesn't address incident response capabilities.
Requiring the provider to hire certified professionals is important for general security posture but doesn't guarantee timely incident response.
Mandating quarterly security assessments is valuable for ongoing security governance but doesn't help during an active security incident when immediate response is needed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are response time requirements in an SLA?
Open an interactive chat with Bash
Why is defining severity levels important in an SLA?
Open an interactive chat with Bash
What types of incidents are typically included in SLA severity levels?
Open an interactive chat with Bash
ISC2 CISSP
Security Operations
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access