Which security audit standard provides the BEST way for an organization to understand a vendor's Information Systems (IS) in relation to confidentiality, integrity, and availability?
A. Service Organization Control (SOC) 2
B. Statement on Standards for Attestation Engagements (SSAE) 18
Ugh, I really don't like questions like this. Technically, based on the wording, the true answer is that it would be SSAE 18, as this defines how the SOC reports are generated. But the question is, would a CEO/manager give a shit what standard was being used, or would they just want the SOC 2 report?
Even though the officially correct answer is SSAE 18, the organization is concerned with the controls, so I'ma go with SOC 2. SSAE 18 applies to all 3 reports. That would be the CEO answer. You would be in a world of hurt if a CEO asked for the audit standard to achieve confidentiality, integrity, and availability and you were like, "Well, actually, the standard is defining 3 reports."
Answer A) Service Organization Control (SOC) 2
The other three refer to financial standards. https://ssae-16.com/soc-1/#:~:text=The%20SOC1%20Report%20is%20what,of%20May%201%2C%202017).
Answer is B, the question clearly states "standard". The SSAE 18 is a standard that is used to generate the SOC2 report.
"The Statement on Standards for Attestation Engagements 18, or SSAE 18, is a standard that auditors can use to review the controls of technology vendors and other service providers so that businesses using those vendors can be confident that the vendors’ controls-particularly those related to cybersecurity"
https://reciprocity.com/understanding-ssae-18-requirements/
CISSP Official Study Guide pg 729 - "SOC 2 Engagements Assess the organization's controls that affect the security (confidentiality, integrity, and availability) and privacy of information stored in a system. SOC 2 audit results are confidential and are normally only shared outside the organization under an NDA."