A college has implemented a private cloud for students and faculty. The college is required by their accrediting body to ensure that the cloud meets certain confidentiality and privacy requirements. Which of the following represents the LEAST intrusive testing method for the college to use, while ensuring separation of duties during the testing?
A.
A vulnerability assessment should be conducted by the MIS department.
B.
A penetration test should be conducted by an accredited third party.
C.
A penetration test should be conducted by the MIS department.
D.
A vulnerability assessment should be conducted by an accredited third party.
A.