Certified Information Security Manager (CISM) — Question 1148
Which of the following is the BEST way to ensure data is not co-mingled or exposed when using a cloud service provider?
Answer options
- A. Require the provider to follow stringent data classification procedures.
- B. Obtain an independent audit report.
- C. Review the provider's information security policies.
- D. Include high penalties for security breaches in the contract.
Correct answer: B
Explanation
Obtaining an independent audit report (B) provides an objective assessment of the provider's security measures and ensures that the provider is following best practices to prevent data exposure. While requiring stringent data classification procedures (A), reviewing the provider's security policies (C), and including penalties for breaches (D) are important, none of them provides the same level of assurance as an independent audit report.