🔥 3-day streak
ISACA CISM — Certified Information Security Manager17 / 121
Question 17 of 121

An information security manager is establishing a security control baseline for a new application being deployed on a third-party PaaS provider. The provider publishes a SOC 2 Type II report and a shared responsibility matrix indicating it manages physical, network, and hypervisor controls. What should the manager do FIRST when tailoring the organization's control baseline for this application?

Reviewed for accuracy · Report an issueNext question