A customer changes CCI scoring from the default objective score to another score. In this scenario, what would be a valid reason for making this change?

A customer changes CCI scoring from the default objective score to another score. In this scenario, what would be a valid reason for making this change?
A . The customer has discovered a new SaaS application that is not yet rated in the CCI database.
B . The customer’s organization places a higher business risk weight on vendors that claim ownership of their data.
C . The customer wants to punish an application vendor for providing poor customer service.
D . The customer’s organization uses a SaaS application that is currently listed as "under research".

View Answer

Answer: B

Explanation:

The CCI scoring is a way to measure the security posture of cloud applications based on a set of criteria and weights. The default objective score is calculated by Netskope using industry best practices and standards. However, customers can change the CCI scoring to suit their own business needs and risk appetite. For example, a customer may want to place a higher business risk weight on vendors that claim ownership of their data, as this may affect their data sovereignty and privacy rights. Changing the CCI scoring for this reason would be valid, as it reflects the customer’s own security requirements and preferences. Changing the CCI scoring for other reasons, such as discovering a new SaaS application, punishing an application vendor, or using an application under research, would not be valid, as they do not align with the purpose and methodology of the CCI scoring.

Reference: Netskope Security Cloud Operation & Administration (NSCO&A) – Classroom Course, Module 7: Cloud Confidence Index (CCI), Lesson 1: CCI Overview and Lesson 2: CCI Scoring.