nerdexam
(ISC)2

CAP · Question #175

What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.

The correct answer is A. Integrates security considerations into application and system purchasing decisions and B. Ensures that the systems are properly assessed for vulnerabilities and must report any to the C. Ensures that adequate security is being provided by the necessary controls, password. A system owner is responsible for the overall procurement, development, integration, modification, operation, maintenance, and retirement of an information system. Their responsibilities include: (A) integrating security into purchasing and acquisition decisions; (B) ensuring sys

System Compliance

Question

What are the responsibilities of a system owner? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AIntegrates security considerations into application and system purchasing decisions and
  • BEnsures that the systems are properly assessed for vulnerabilities and must report any to the
  • CEnsures that adequate security is being provided by the necessary controls, password
  • DEnsures that the necessary security controls are in place.

How the community answered

(34 responses)
  • A
    94% (32)
  • D
    6% (2)

Explanation

A system owner is responsible for the overall procurement, development, integration, modification, operation, maintenance, and retirement of an information system. Their responsibilities include: (A) integrating security into purchasing and acquisition decisions; (B) ensuring systems are assessed for vulnerabilities and reporting them appropriately; and (C) ensuring adequate security controls such as passwords and access controls are in place. Option D - 'Ensures that the necessary security controls are in place' - is typically attributed to the Information System Security Officer (ISSO) or the Authorizing Official rather than the system owner as a distinct standalone responsibility in standard frameworks. The system owner collaborates on this but does not solely own it as a unique responsibility separate from the others listed.

Topics

#System Owner Responsibilities#Security Controls#Vulnerability Management#Security Governance

Community Discussion

No community discussion yet for this question.

Full CAP Practice