Certified Information Security Manager (CISM) — Question 971

An organization's human resources (HR) department is planning to migrate a legacy application to a new application in the cloud. What is the BEST way for the information security manager to support this effort?

Answer options

• A. Encrypt the data to the cloud so that the data is secure.
• B. Conduct vulnerability scans on the cloud provider.
• C. Update the policies to add controls for protecting the data.
• D. Conduct a security assessment on the cloud provider.

Correct answer: D

Explanation

Conducting a security assessment on the cloud provider (D) is crucial as it helps identify potential risks and ensures that the provider meets security requirements. While encrypting data (A) is important, it does not address the overall security posture of the provider. Vulnerability scans (B) are beneficial but do not provide a comprehensive view of the provider's security measures. Updating policies (C) is necessary, but it alone does not ensure that the cloud provider has adequate security controls in place.