Certified Information Security Manager (CISM) — Question 1238

An organization that uses external cloud services extensively is concerned with risk monitoring and timely response. The BEST way to address this concern is to ensure:

Answer options

• A. the availability of continuous technical support.
• B. appropriate service level agreements (SLAs) are in place.
• C. a right-to-audit clause is included in contracts.
• D. internal security standards are in place.

Correct answer: B

Explanation

The correct answer is B because having appropriate service level agreements (SLAs) ensures that the organization has defined expectations and responses regarding service performance and reliability, which is crucial for risk management. While continuous technical support (A), a right-to-audit clause (C), and internal security standards (D) are important, they do not directly address the timely response aspect as effectively as SLAs do.