Certificate of Cloud Auditing Knowledge (CCAK) — Question 261

When identifying the governance stakeholders in an organization, which of the following roles would MOST likely be responsible for setting the security requirements and frameworks for cloud migration?

Answer options

• A. IT department
• B. Governance, risk, and compliance (GRC)
• C. Security department
• D. Security consultants

Correct answer: B

Explanation

The Governance, risk, and compliance (GRC) role is primarily responsible for setting security requirements and frameworks, especially during cloud migration, as it encompasses governance and compliance aspects. The IT department, while important, typically implements the requirements rather than sets them. The Security department focuses on implementing security measures, and Security consultants provide advice but do not set the overarching frameworks.