Certificate of Cloud Auditing Knowledge (CCAK) — Question 98
You have been assigned the implementation of an ISMS whose scope must cover both on-premises and cloud infrastructure. Which of the following is your BEST option?
Answer options
- A. Implement ISO/IEC 27002 and complement it with additional controls from the CCM.
- B. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27017.
- C. Implement ISO/IEC 27001 and complement it with additional controls from ISO/IEC 27002.
- D. Implement ISO/IEC 27001 and complement it with additional controls from the NIST SP 800-145.
Correct answer: B
Explanation
The best option is B because ISO/IEC 27001 provides the management system framework, and ISO/IEC 27017 offers specific guidance for cloud security controls. Options A and C do not address the cloud aspect sufficiently, while option D is less relevant to the specific needs of cloud infrastructure integration.