Over the last year, an information security manager has performed risk assessments on multiple third-party vendors.
Which of the following criteria would be MOST helpful in determining the associated level of risk applied to each vendor?
A . Corresponding breaches associated with each vendor
B . Compensating controls in place to protect information security
C . Compliance requirements associated with the regulation
D . Criticality of the service to the organization
Answer: B