Certificate of Cloud Auditing Knowledge (CCAK) — Question 55

An auditor is performing an audit on behalf of a cloud customer. For assessing security awareness, the auditor should:

Answer options

• A. assess the existence and adequacy of a security awareness training program at the cloud service provider’s organization as the cloud customer hired the auditor to review and cloud service.
• B. assess the existence and adequacy of a security awareness training program at both the cloud customer’s organization and the cloud service provider’s organization.
• C. assess the existence and adequacy of a security awareness training program at the cloud customer’s organization as they hired the auditor.
• D. not assess the security awareness training program as it is each organization’s responsibility

Correct answer: B

Explanation

The correct answer is B because the auditor needs to assess security awareness training at both the cloud customer and the cloud service provider to ensure comprehensive security practices. Options A and C are incorrect as they focus only on one organization, neglecting the responsibility of the other. Option D is wrong because it disregards the auditor's role in evaluating both parties' training programs.