Your organization is planning to engage with a third-party vendor to offload the maintenance of a non-core business application, with the intention of reducing the company's burden of patch management and system upgrades. To ensure that the organizational risk is appropriately managed, which of the following would be the BEST approach?
Procure additional security solutions to protect the business application instead of offloading it.
Renegotiate existing service contracts with the third-party vendor to emphasize risk management.
Enter into a outsourcing agreement with the third-party vendor that includes service level agreements (SLAs) specifically covering security patching and system upgrades.
Purchase cyber insurance to cover potential losses due to system vulnerabilities in the business application.