Certified Information Security Manager (CISM) — Question 190

Which of the following is MOST important to ensure when an organization is moving portions of its sensitive database to the cloud?

Answer options

• A. The conversion has been approved by the information security team.
• B. A right to audit clause is included in the contract.
• C. Input from data owners is included in the requirements definition.
• D. Data encryption is used in the cloud hosting solution.

Correct answer: C

Explanation

Involving data owners in the requirements definition is crucial as they possess the knowledge necessary to identify sensitive information and compliance needs. While approval from the information security team, an audit clause, and data encryption are important, they do not directly address the specific needs and concerns of the data owners, which can lead to oversights in security and compliance.