Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise`s information security policy? 

Answer options:

A. Penetration testing
B. Service level monitoring
C. Security awareness training
D. Periodic audits

D

As regular audits can spot gaps in information security compliance, periodic audits can ensure that outsourced service provider comply with the enterprise`s information security policy. Incorrect Answers: A: Penetration testing can identify security vulnerability, but cannot ensure information compliance. B: Service level monitoring can only identify operational issues in the enterprise`s operational environment. It does not play any role in ensuring that outsourced service provider complies with the enterprise`s information security policy. C: Training can increase user awareness of the information security policy, but is less effective than periodic auditing.