A new company has all its operations in the cloud.
Which of the following would be the BEST information security control framework to implement?
A. NIST 800-73, because it is a control framework implemented by the main cloud providers
B. ISO/IEC 27018
C. ISO/IEC 27002
D. Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM)
Answer: D
Explanation:
The Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) would be the best information security control framework to implement for a new company that has all its operations in the cloud.
The CCM is a cybersecurity control framework for cloud computing that is aligned to the CSA best practices and is considered the de facto standard for cloud security and privacy. The CCM covers 17 domains and 197 control objectives that address all key aspects of cloud technology, such as data security, identity and access management, encryption and key management, incident response, audit assurance, and compliance. The CCM also maps to other industry-accepted security standards, regulations, and frameworks, such as ISO 27001/27002/27017/27018, NIST SP 800-53, PCI DSS, COBIT, and FedRAMP, which can help the company achieve multiple compliance goals with one framework. The CCM also provides guidance on the shared responsibility model between cloud service providers and cloud customers, and helps to define the organizational relevance of each control [1][2].
References:
1. Cloud Controls Matrix (CCM) – CSA
2. Cloud Controls Matrix and CAIQ v4 | CSA – Cloud Security Alliance