Certified Cloud Security Engineer (CCSE) — Question 14

The tech giant TSC uses cloud for its operations. As a cloud user, it should implement an effective risk management lifecycle to measure and monitor high and critical risks regularly. Additionally, TSC should define what exactly should be measured and the acceptable variance to ensure timely mitigated risks. In this case, which of the following can be used as a tool for cloud risk management?

Answer options

• A. Cloud Security Alliance
• B. Information System Audit and Control Association
• C. CSA CCM Framework
• D. Committee of Sponsoring Organizations

Correct answer: C

Explanation

The CSA CCM Framework is specifically designed to assist organizations in managing cloud risks by providing a set of security controls and best practices tailored for cloud environments. The other options, while related to security and governance, do not focus exclusively on cloud risk management in the same structured way as the CSA CCM Framework does.