Which of the following is the MOST critical security consideration when an enterprise outsource its
major part of IT department to a third party whose servers are in foreign company?

A.
A security breach notification may get delayed due to time difference

B.
The enterprise could not be able to monitor the compliance with its internal security and privacy
guidelines

C.
Laws and regulations of the country of origin may not be enforceable in foreign country

D.
Additional network intrusion detection sensors should be installed, resulting in additional cost

Explanation:

Laws and regulations of the country of origin may not be enforceable in foreign country and
conversely, it is also true that laws and regulations of the foreign outsourcer may also impact the
enterprise. Hence violation of applicable laws may not be recognized or rectified due to lack of
knowledge of the local laws.
Answer B is incorrect. Outsourcing does not remove the enterprise’s responsibility regarding
internal requirements. Hence monitoring the compliance with its internal security and privacy
guidelines is not a problem.
Answer A is incorrect. Security breach notification is not a problem and also time difference does
not play any role in 24/7 environment. Pagers, cellular phones, telephones, etc. are there to
communicate the notifications.
Answer D is incorrect. The need for additional network intrusion detection sensors is not a major
problem as it can be easily managed. It only requires addition funding, but can be addressed.