Certified Cloud Security Engineer (CCSE) — Question 9
An organization wants to detect its hidden cloud infrastructure by auditing its cloud environment and resources so that it can shut down unused or unwanted workloads, save money, minimize security risks, and optimize its cloud inventory. In this scenario, which standard is applicable for cloud security auditing that enables the management of customer data?
Answer options
- A. NIST SP800-53 rev 4
- B. ISO 27001 & 27002
- C. Cloud Security Alliance
- D. SOC2
Correct answer: B
Explanation
The correct answer is B, ISO 27001 & 27002, because these standards focus on information security management systems and provide guidelines for managing customer data effectively. Options A (NIST SP800-53 rev 4) and C (Cloud Security Alliance) pertain to broader security controls and frameworks. Option D (SOC2) is specific to service organizations, but it does not directly address the management of customer data as comprehensively as ISO 27001 & 27002.