Exam CISM topic 1 question 267 discussion

C for me. I think the most important action is to evaluate the SLA

SLAs come first

B. Provide cloud security requirements The most important action for the information security manager in support of migrating an application to the public cloud is to provide cloud security requirements. This is essential because it sets the foundation for ensuring that security measures are integrated into the cloud migration process. By clearly defining security requirements, the IT department can work with the cloud provider to ensure that the application is deployed securely in the cloud environment.

B. Provide cloud security requirements The most important action for the information security manager in support of migrating an application to the public cloud is to provide cloud security requirements. This is essential because it sets the foundation for ensuring that security measures are integrated into the cloud migration process. By clearly defining security requirements, the IT department can work with the cloud provider to ensure that the application is deployed securely in the cloud environment.

The correct answer is B. Provide cloud security requirements. Explanation: Among the options provided, providing cloud security requirements is the most important action for the information security manager in support of migrating an application to the public cloud.

While reviewing cloud provider independent assessment reports is an important step in the cloud migration process, it is not the information security manager's most important action in this scenario. Assessing the cloud provider's security capabilities: Reviewing independent assessment reports can provide valuable insights into the security controls and practices of the cloud provider. It allows the information security manager to evaluate the provider's adherence to industry standards, certifications, and best practices. However, this action alone does not address the specific security requirements and concerns of the organization's application and data.

C. Evaluate service level agreements (SLAs)

Providing cloud security requirements will ensure that security considerations are taken into account in the cloud migration process. It will help to identify and mitigate risks and ensure that adequate security controls are implemented to protect the organization's data and assets in the cloud environment.

B. Provide cloud security requirements The information security manager's most important action in support of this initiative is to provide cloud security requirements. This includes identifying and documenting the specific security controls, policies and procedures that are required to protect the organization's data and systems in the cloud environment. It also includes ensuring that the cloud provider's security capabilities meet these requirements. By providing clear and comprehensive security requirements, the information security manager can help ensure that the application migration is secure and compliant with relevant regulations and standards.

A. Review cloud provider's security The key to the question is "plan". SLA will come into the picture only when you establish NDA/contract/SLA after finalising one of the multiple identified cloud providers. You will end up providing the cloud security requirements only to the finalised vendor.

evaluate SLAs.

I'll go with B

I believe it should be C.