nerdexam
(ISC)2

CAP · Question #144

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about

The correct answer is A. An ISSO manages the security of the information system that is slated for Certification C. An ISSE provides advice on the continuous monitoring of the information system. E. An ISSE provides advice on the impacts of system changes.. In the NIST Risk Management Framework (RMF), the ISSO (Information System Security Officer) and ISSE (Information System Security Engineer) have distinct roles. The ISSO is responsible for managing the day-to-day security of the information system, including overseeing its securi

System Compliance

Question

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AAn ISSO manages the security of the information system that is slated for Certification
  • BAn ISSE manages the security of the information system that is slated for Certification &
  • CAn ISSE provides advice on the continuous monitoring of the information system.
  • DAn ISSO takes part in the development activities that are required to implement system ch
  • EAn ISSE provides advice on the impacts of system changes.

How the community answered

(40 responses)
  • A
    88% (35)
  • B
    8% (3)
  • D
    5% (2)

Explanation

In the NIST Risk Management Framework (RMF), the ISSO (Information System Security Officer) and ISSE (Information System Security Engineer) have distinct roles. The ISSO is responsible for managing the day-to-day security of the information system, including overseeing its security posture throughout the certification/accreditation process (A is true). The ISSE serves as a technical advisor and provides guidance on security engineering activities - including advising on the continuous monitoring strategy (C is true) and advising on the security impact of proposed system changes (E is true). Option B is false because it is the ISSO, not the ISSE, who manages the system's security. Option D is false because taking part in development activities to implement system changes is a role associated with the ISSE, not the ISSO.

Topics

#ISSO roles#ISSE roles#System security management#Compliance lifecycle

Community Discussion

No community discussion yet for this question.

Full CAP Practice