Certified in Risk and Information Systems Control (CRISC) — Question 829

Which of the following should be the risk practitioner's FIRST course of action when an organization plans to adopt a cloud computing strategy?

Answer options

Correct answer: C

Explanation

The correct answer is C, as conducting a threat analysis is essential to identify potential risks and vulnerabilities associated with cloud computing. Options A and D are important but come after understanding the threats, while option B is premature without assessing risks first.