The first course of action for a risk practitioner when an organization plans to adopt a cloud computing strategy is to perform a controls assessment. This means evaluating the existing controls in the organization and the cloud service provider, and identifying the gaps and weaknesses that need to be addressed. A controls assessment can help to determine the level of risk exposure and the suitability of the cloud service model and provider for the organization’s needs and objectives. It can also help to establish the baseline for monitoring and reporting on the cloud service performance and compliance. References = Risk and Information Systems Control Study Manual, Chapter 5, Section 5.3.2.2, p. 242-243
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit