When an organization is using cloud services, the security responsibilities largely vary depending on the service delivery model used, while the accountability for compliance should remain with the:

When an organization is using cloud services, the security responsibilities largely vary depending on the service delivery model used, while the accountability for compliance should remain with the:
A . cloud user.
B . cloud service provider. 0
C . cloud customer.
D . certification authority (CA)

View Answer

Answer: C

Explanation:

According to the ISACA Cloud Auditing Knowledge Certificate Study Guide, the cloud customer is the entity that retains accountability for the business outcome of the system or the processes that are supported by the cloud service1. The cloud customer is also responsible for ensuring that the cloud service meets the legal, regulatory, and contractual obligations that apply to the customer’s business context1. The cloud customer should also perform due diligence and risk assessment before selecting a cloud service provider, and establish a clear and enforceable contract that defines the roles and responsibilities of both parties1.

The cloud user is the entity that uses the cloud service on behalf of the cloud customer, but it is not necessarily accountable for the compliance of the service1. The cloud service provider is the entity that makes the cloud service available to the cloud customer, but it is not accountable for the compliance of the customer’s business context1. The certification authority (CA) is an entity that issues digital certificates to verify the identity or authenticity of other entities, but it is not accountable for the compliance of the cloud service2.

Reference: ISACA Cloud Auditing Knowledge Certificate Study Guide, page 10-11.

Certification authority – Wikipedia