Certified Information Systems Security Professional (CISSP) — Question 280
A Chief Information Security Officer (CISO) of a firm that has decided to migrate to the cloud has been tasked with ensuring an optimal level of security. Which of the following would be the FIRST consideration?
Answer options
- A. Analyze the firm's applications and data repositories to determine the relevant control requirements.
- B. Request a security risk assessment of the cloud vendor be completed by an independent third-party.
- C. Define the cloud migration roadmap and set out which applications and data repositories should be moved into the cloud.
- D. Ensure that the contract between the cloud vendor and the firm clearly defines responsibilities for operating security controls.
Correct answer: A
Explanation
The correct answer is A because understanding the firm's specific applications and data repositories is essential to identifying the necessary security controls before migration. Options B, C, and D, while important, should follow the initial analysis of control requirements so that tailored security measures are established.