D. Using the organization’s risk management framework
Controls should be designed by an organization using its risk management framework. This ensures that the controls are tailored to the specific risks and needs of the organization, taking into account its unique environment, regulatory requirements, and business objectives. The risk management framework provides a structured approach to identify, assess, manage, and monitor risks, enabling the design of effective and appropriate controls.
Agreed, Answer D
p. 301, CCAK Study Guide -
"With the cloud's shared responsibility model, the assessor or auditor must establish how the organization has approached the process of designing controls against its own risk management framework and policies."
Should be D. Audit team just suggets control based on risk management.
upvoted 4 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Auditor2020
3Â months, 3Â weeks agoME79
2Â years agoGhac101
2Â years, 3Â months agobportuguez
2Â years, 3Â months ago