An organization outgrew its internal data center and is evaluating third-party hosting facilities. In this evaluation, which of the following is a PRIMARY factor for selection?
When an organization evaluates third-party hosting facilities, the primary factor for selection should be the facility's ability to provide an acceptable level of risk. This encompasses evaluating the security measures in place, such as physical access controls, network security, and incident response capabilities, ensuring that the facility meets the organization's overall security requirements and operational standards. While cost-effectiveness, disaster recovery services, and physical access protection measures are important, they fall under the broader category of assessing the facility's risk profile. Cost alone should not compromise the organization's security posture.
I choose "A", the risk over cost.
A is correct
The benefits of DCO may include reduced operational costs, more efficient use of infrastructure, and access to more server, storage or computing capacity on demand. The risks include lack of control over security and disaster recovery, lack of flexibility, problems with SLA fulfillment and vendor lock-in.
I say D...as a Manager, first thing I would look at is the budget, then consider the best options. The facility with the acceptable level of risk may be outside of the company's budget.
A - If the business simply can't afford it, it's not a possibility
A. Facility provides an acceptable level of risk is the PRIMARY factor for selection according to CISSP. This includes evaluating the security measures in place at the facility, such as physical access controls, network security, and incident response capabilities, to ensure that the facility meets the organization's security requirements and provides an acceptable level of risk for the organization's data and operations. Other factors, such as disaster recovery services, physical access protection measures and cost-effectiveness may also be considered but the primary concern is ensuring that the facility provides an acceptable level of risk.
There are shared responsibilities between the customer and the hosting providers. The hosting provider is not responsible for mitigating the customers' systems risk. This is the customer's responsibility. And cost-effective does not mean no security. So I elect D.
Since the organization outgrew the internal data center, it's looking for a cheaper solution for higher volumes of data. A is not the primary factor.
B and C are all covered under A
As I think like a manager I agree with "D"
A for the test. D for real life.
I'm going with D as it focuses on the principle "most bang for my buck".
Price is part of a risk assessment
I vote for A. A facility that is cost-effective or has strong DR services may not necessarily provide an acceptable level of risk.
I think of cost-benefit analysis contra cost-efficient. Meanwhile cost-efficient is purely about money, cost-benefit covers the balance between security, added value and cost. If I would prioritize cost before security, then I would probably make a risk analysis and realize that the OPEX/CAPEX of security controls will outpace the price of a more expensive but much safer hosting facility.
Think like a Manager and get a more cost-effective solution with much quality.
Thinking like a CISO. B, C & D are all redundant if the facility does not provide an acceptable level of risk. I.e., you wouldn't take on unacceptable levels of risk to have DR, physical access protection or to save money.