Certified Information Security Manager (CISM) — Question 424

An organization wants to ensure its confidential data is isolated in a multi-tenanted environment at a well-known cloud service provider. Which of the following is the BEST way to ensure the data is adequately protected?

Answer options

• A. Verify the provider follows a cloud service framework standard.
• B. Review the provider's information security policies and procedures.
• C. Obtain documentation of the encryption management practices.
• D. Ensure an audit of the provider is conducted to identify control gaps.

Correct answer: D

Explanation

The correct answer is D because conducting an audit helps identify any weaknesses in the provider's controls, which is crucial for protecting confidential data. While verifying standards, reviewing policies, and obtaining documentation are important, they do not provide the same level of assurance about the effectiveness of the security measures in place.