Certified Information Security Manager (CISM) — Question 73

An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager's MOST important action in support of this initiative?

Answer options

• A. Review cloud provider independent assessment reports.
• B. Provide cloud security requirements
• C. Evaluate service level agreements (SLAs)
• D. Calculate security implementation costs

Correct answer: B

Explanation

Providing cloud security requirements is crucial as it sets the foundation for the security posture of the application in the cloud. While reviewing assessments, evaluating SLAs, and calculating costs are important, they are secondary to establishing clear security requirements that must be met by the cloud provider.