An organization has an ISMS implemented, following ISO 27001 and Annex A controls. The CIO would like to migrate some of the infrastructure to the cloud. Which of the following standards would BEST assist in identifying controls to consider for this migration?
Answer(s): D
The ISO/IEC 27017 standard defines the requirements for an information security management system (ISMS). Note that the entire organization is not necessarily affected by the standard, because it all depends on the scope of the ISMS. The scope could be limited by the provider to one group within an organization, and there is no guarantee that any group outside of the scope has appropriate ISMSs in place. It is up to the auditor to verify that the scope of the engagement is "fit for purpose." As the customer, you are responsible for determining whether the scope of the certification is relevant for your purposes.
An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
Answer(s): A
Which of the following controls frameworks should the cloud customer use to assess the overall security risk of a cloud provider?
Answer(s): C
https://www.isaca.org/resources/news-and-trends/newsletters/atisaca/2021/volume-22/preventingthe-next-cybersecurity-attack-with-effective-cloud-security-audits
Which of the following aspects of risk management involves identifying the potential reputational harm and/or financial harm when an incident occurs?
https://compliancecosmos.org/chapter-5-step-three-determining-impact-occurrence