ISC2 Certified Cloud Security Professional (CCSP) Practice Question
After completing a cloud migration risk assessment, a global engineering firm determines that hosting its intellectual property in a multi-tenant public IaaS environment still leaves the residual confidentiality risk above the organization's tolerance. The security team proposes encrypting all repository data with customer-managed keys and retaining the most sensitive design files on premises as part of a hybrid deployment. From an enterprise risk-management perspective, which risk-treatment option are they recommending?
Enterprise risk-management frameworks such as ISO 31000 and NIST SP 800-30 describe four main ways to address identified risks:
Avoid: eliminate the activity causing the risk.
Transfer/Share: shift the impact to another party (for example, via insurance or contractual clauses).
Mitigate (Reduce): implement controls that lower the likelihood or impact of the risk to an acceptable level.
Accept: take no further action and simply acknowledge the risk.
In this scenario the company will still use the public cloud, so it is not avoiding the risk. It is not buying insurance or contractually shifting liability, so it is not transferring the risk. Nor is it choosing to leave the risk unchanged, so it is not accepting it. Instead, by adding encryption with customer-managed keys and keeping the crown-jewel files on premises, the organization is introducing controls specifically intended to lower the residual confidentiality risk. That approach fits the definition of risk mitigation (risk reduction).