For an auditor auditing an organization’s cloud resources, which of the following should be of GREATEST concern?
A.
The organization does not have separate policies for governing its cloud environment.
B.
The organization’s IT team does not include resources with cloud certifications.
C.
The organization does not perform periodic reviews or control monitoring for its cloud environment, but it has a documented audit plan and performs an audit for its cloud environment every alternate year.
D.
The risk management team reports to the head of audit.
C. The organization does not perform periodic reviews or control monitoring for its cloud environment, but it has a documented audit plan and performs an audit for its cloud environment every alternate year.
The greatest concern for an auditor should be the absence of periodic reviews or control monitoring for the cloud environment. Regular monitoring and reviews are essential for identifying and responding to security incidents, compliance issues, and changes in the risk landscape. Without ongoing monitoring, the organization may not be aware of vulnerabilities or non-compliance until an audit is conducted, which in this case, occurs only every alternate year. This gap in continuous oversight increases the risk of undetected security breaches and compliance violations.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Auditor2020
5 days ago