A risk assessment team is concerned about hosting data with a cloud service provider (CSP)
which of the following findings would justify this concern?
A.
The CPS utilizes encryption for data at rest and in motion
B.
The CSP takes into account multinational privacy concerns
C.
The financial review indicates the company is a startup
D.
SLA state service tickets will be resolved in less than 15 minutes
I’d go with C – if it’s a startup, we take the risk of the provider going under.
0
0
The author NEVER mention it is an international company. I don’t understand why a risk assessment team takes into account multinational privacy concerns? For most part, we are talking about domestic companies. I spent an hour searching around the web related to Cloud Service Provider. In fact, people care the most is the price, then is the service. Service including data storage. It means encryption for data at rest and in motion is more important than multinational privacy. In my opinion, I would pick A.
Risk assessment deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or a loss of information itself. A vulnerability is a weakness that could be exploited by a threat. Each risk that can be identified should be outlined, described, and evaluated for the likelihood of it occurring. The key components of a risk-assessment process are outlined here: Risks to Which the Organization Is Exposed: This component allows you to develop scenarios that can help you evaluate how to deal with these risks if they occur. An operating system, server, or application may have known risks in certain environments. You should create a plan for how your organization will best deal with these risks and the best way to respond.
Risks That Need Addressing: The risk-assessment component also allows an organization to provide a reality check on which risks are real and which are unlikely. This process helps an organization focus on its resources as well as on the risks that are most likely to occur. For example, industrial espionage and theft are likely, but the risk of a hurricane damaging the server room in Indiana is very low. Therefore, more resources should be allocated to prevent espionage or theft as opposed to the latter possibility.
0
0
Hello Lake, the question is asking about the reason why the risk assessment team would be worried about using that CSP. It makes sense to think it is a startup. If they see the company uses encryption for data at rest and in motion, why should they be worried then?
1
0
The word concerned can be positive or negative. If you look at the answers listed, A,B and D are essential for a good CSP. The only thing that falls into the negative side is C.
It means risk assessment team is concerned (worried) about it.
1
0
I went with C
1
0
Another badly written question:
The question mentions a CSP (cloud service provider)
A – mentions a CPS ( I think they mean CSP) – This refers to “Microsoft CPS (Microsoft Cloud Platform System) is a software stack of Window Server 2012 R2, System Center 2012 R2, and Windows Azure Pack that runs on Dell servers. In addition to that, it “utilizes encryption for data at rest and in motion” which to all extent and purposes is a very good thing.
B – Mentions a CSP – The CSP “takes into account multinational privacy concerns”.
This is also a very good thing when it comes to data protection. A multinational could have an office in London with data in the cloud in Singapore. We must ensure that the laws in Singapore are quite clear and addresses all the privacy concerns London might have. So this is also a very good thing to have.
D. SLA state service tickets will be resolved in less than 15 minutes. This is a very good thing indeed
So A, B and D are very good things to have and the risk assessment team should have no issues at all with it.
The weakest link in here is C-The financial review indicates the company is a startup.
I agree with Juan…it is C. as a startup is a company without a proven track record which had not withstood the test of time, so this is certainly the only risk as far as I am concerned.
0
0