Certified Information Systems Auditor (CISA) — Question 1099

An IS auditor is reviewing an organization’s cloud access security broker (CASB) solution. Which of the following is MOST important for the auditor to verify?

Answer options

• A. Cloud services are classified.
• B. Users are centrally managed.
• C. Cloud processes are resilient.
• D. Users are periodically recertified.

Correct answer: A

Explanation

Verifying that cloud services are classified is crucial for the auditor because it ensures that appropriate security controls are applied based on the sensitivity of the data. While user management, process resilience, and periodic recertification are important, they do not directly address the foundational aspect of data classification, which is essential for effective security management.