CISSP Question #1443: Real Exam Question with Answer & Explanation
The correct answer is C: Analyze the firm's applications and data repositories to determine the relevant control.
Question
A Chief Information Security Officer (CISO) of a firm which decided to migrate to cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?
Options
- A. Define the cloud migration roadmap and set out which applications and data repositories should
- B. Ensure that the contract between the cloud vendor and the firm clearly defines responsibilities for
- C. Analyze the firm's applications and data repositories to determine the relevant control
- D. Request a security risk assessment of the cloud vendor be completed by an independent third-
Explanation
The first consideration for ensuring an optimal level of security for a firm that has decided to migrate to the cloud is to analyze the firm's applications and data repositories to determine the relevant control requirements. Control requirements are the specifications and expectations for the security controls needed to protect the applications and data repositories from the security risks and threats they may face in the cloud environment. They can be derived from security policies and standards, regulatory and contractual obligations, business and operational needs, and the risk assessment and analysis of the applications and data repositories. This analysis comes first because it helps to identify and prioritize the security objectives and criteria, and to select and evaluate the cloud service models, deployment models, and providers that can meet the control requirements.