An organization is in the initial phases of cloud adoption. It is not very knowledgeable about cloud security and cloud shared responsibility models. Which of the following approaches is BEST suited for such an organization to evaluate its cloud security?
Cloud Control Matrix (CCM) controls can be used by cloud customers to:
Use elastic servers when possible and move workloads to new instances.
Prioritizing assurance activities for an organization's cloud services portfolio depends PRIMARILY on an organization's ability to:
During an audit it was identified that a critical application hosted in an off-premises cloud is not part of the organization's DRP (Disaster Recovery Plan). Management stated that it is responsible for ensuring that the cloud service provider (CSP) has a plan that is tested annually. What should be the auditor's NEXT course of action?
