CISSP Question #1088: Real Exam Question with Answer & Explanation

The correct answer is D: Common Security Framework (CSF).

Submitted by kim_seoul · Mar 5, 2026 · Security and Risk Management

Question

What should be used to determine the risks associated with using Software as a Service (SaaS) for collaboration and email?

Options

  • A. Cloud access security broker (CASB)
  • B. Open Web Application Security Project (OWASP)
  • C. Process for Attack Simulation and Threat Analysis (PASTA)
  • D. Common Security Framework (CSF)

Explanation

The Common Security Framework (CSF) is a set of security standards, best practices, and tools developed by the Health Information Trust Alliance (HITRUST) to help organizations manage the risks and compliance requirements associated with using cloud services, such as Software as a Service (SaaS). The CSF covers 19 domains of security controls, such as access control, audit logging, encryption, incident management, and vulnerability management. The CSF also provides a certification program and a self-assessment tool for organizations to measure and demonstrate their adherence to the CSF requirements. The CSF is designed to be flexible, scalable, and customizable to suit the needs and objectives of different types and sizes of organizations. The CSF is not specific to the healthcare industry, although it incorporates some healthcare-related regulations and standards, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS). The CSF can be used to determine the risks associated with using SaaS for collaboration and email, as well as other cloud services and applications.

Topics

#SaaS security · #cloud security · #risk assessment frameworks
