Audits should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. They should also use what type of auditors?
A.
Auditors working in the interest of the cloud customer
B.
Independent auditors
C.
Certified by CSA
D.
Auditors working in the interest of the cloud provider
The audits should use:
B. Independent auditors.
Independent auditors are external professionals or organizations that are not directly affiliated with the cloud customer or the cloud provider. They have the necessary expertise and objectivity to assess the security controls, practices, and compliance of the cloud environment. Independent auditors follow established auditing standards and frameworks and conduct audits with impartiality and integrity.
Using independent auditors helps ensure a neutral and unbiased evaluation of the cloud service provider's security measures and adherence to industry best practices and standards. They provide an objective assessment of the cloud provider's security posture, offering confidence to cloud customers and other stakeholders regarding the effectiveness of security controls in place.
(Security Guidance p57) Proper organizational governance naturally includes audit and assurance. Audits must be independently conducted and should be robustly designed to reflect best practice, appropriate resources, and tested protocols and standards. Before delving into cloud implications we need to define the scope of audit management related to information security.
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Brainiac
3 weeks, 2 days agoJoAsiaGje
2 months ago