Management would like to understand the risk associated with engaging an Infrastructure-as-a-Service (IaaS) provider compared to hosting internally. Which of the following would provide the BEST method of comparing risk scenarios?
A. Mapping risk scenarios according to sensitivity of data
B. Reviewing mitigating and compensating controls for each risk scenario
C. Mapping the risk scenarios by likelihood and impact on a chart
Mapping the risk scenarios by likelihood and impact on a chart is the best method of comparing risk scenarios, as it helps to visualize and prioritize the different types and levels of risks associated with each option. A chart can also facilitate the communication and decision-making process by showing the trade-offs and benefits of each option. A chart can be based on qualitative or quantitative data, depending on the availability and accuracy of the information.
References = CISM Review Manual 2022, page 371; CISM Exam Content Outline, Domain 1, Task 1.32; A risk assessment model for selecting cloud service providers; Security best practices for IaaS workloads in Azure