CISSP · Question #383
When adopting software as a service (Saas), which security responsibility will remain with remain with the adopting organization?
The correct answer is B. Data classification. When adopting software as a service (SaaS), the security responsibility that will remain with the adopting organization is data classification. SaaS is a cloud service model that provides software applications over the internet, hosted and managed by the service provider. The ser
Question
When adopting software as a service (Saas), which security responsibility will remain with remain with the adopting organization?
Options
- APhysical security
- BData classification
- CNetwork control
- DApplication layer control
How the community answered
(31 responses)- A3% (1)
- B94% (29)
- C3% (1)
Explanation
When adopting software as a service (SaaS), the security responsibility that will remain with the adopting organization is data classification. SaaS is a cloud service model that provides software applications over the internet, hosted and managed by the service provider. The service provider is responsible for the security of the physical, network, and application layers, as well as the data storage and processing. However, the adopting organization is still responsible for the security of the data itself, such as the data classification, encryption, backup, and retention. Data classification is the process of assigning labels or categories to the data based on its sensitivity, value, or risk. Data classification can help to determine the appropriate level of protection, access control, and compliance for the data. Physical security, network control, and application layer control are not security responsibilities that will remain with the adopting organization when using SaaS, but they are the responsibilities of the service provider.
Topics
Community Discussion
No community discussion yet for this question.