Certificate of Cloud Auditing Knowledge (CCAK) — Question 185

Which of the following is MOST important to consider when developing an effective threat model during the introduction of a new SaaS service into a customer organization’s architecture? The threat model:

Answer options

• A. recognizes the shared responsibility for risk management between the customer and the CSP.
• B. leverages SaaS threat models developed by peer organizations.
• C. is developed by an independent third-party with expertise in the organization’s industry sector.
• D. considers the loss of visibility and control from transitioning to the cloud.

Correct answer: A

Explanation

The correct answer, A, emphasizes the importance of recognizing the shared responsibility for risk management, which is crucial in a cloud environment. Options B and C focus on external models and expertise but do not address the shared accountability aspect. Option D, while relevant, is more about operational impact rather than the fundamental responsibility for risk management.