Certificate of Cloud Auditing Knowledge (CCAK) — Question 228

Why should the results of third-party audits and certification be relied on when analyzing and assessing the cybersecurity risks in the cloud?

Answer options

• A. To reinforce the role of the internal audit function
• B. To establish an audit mindset within the organization
• C. To contrast the risk generated by the loss of control
• D. To establish an accountability culture within the organization

Correct answer: C

Explanation

Option C is correct because third-party audits highlight the risks associated with losing control over cloud environments, which is crucial for risk assessment. The other options, while beneficial for organizational practices, do not directly address the significance of third-party audits in understanding external risk factors.