An organization is planning to host a number of its critical applications in the cloud.
Which of the following is the Best way to gain a broad assurance of the cloud provider’s security posture?
A. A review that includes interviewing key security stakeholders and identifying the key controls that they operate.
B. A review that includes security policies, evidence of the controls, physical site assessments and vulnerability scanning.
C. A review that includes the right to audit on a yearly basis and review of the security clauses in the contract.
D. A review that includes security applications, external audits, intrusion detection and firewall policy reviews.