CRISC Certified in Risk and Information Systems Control – Question630

While reviewing a contract of a cloud services vendor, it was discovered that the vendor refuses to accept liability for a sensitive data breach. Which of the following controls will BEST reduce the risk associated with such a data breach?

A.
Engaging a third party to validate operational controls
B. Using the same cloud vendor as a competitor
C. Using field-level encryption with a vendor supplied key
D. Ensuring the vendor does not know the encryption key

Correct Answer: A