A university has migrated several services from their internal infrastructure to a third-party
cloud provider. Which of the following is MOST important to the university in order to ensure
an appropriate security posture?
A.
Regular patching applied by the university
B.
Governance and oversight by the cloud provider
C.
Antivirus checks performed by the cloud provider
D.
SLA and metrics requested by the cloud provider
https://scap.nist.gov/events/2009/itsac/presentations/day3/Day3_Cloud_Ritchey.pdf