nerdexam
(ISC)2

CAP · Question #192

Which of the following individuals is responsible for ensuring the security posture of the organization's information system?

The correct answer is A. Authorizing Official. Under NIST SP 800-37 (Risk Management Framework), the Authorizing Official (AO) - formerly called the Designated Approving Authority (DAA) - is the senior official responsible for accepting the risk of operating an information system and ensuring it maintains an acceptable securi

Security and Privacy Governance, Risk Management, and Compliance Program

Question

Which of the following individuals is responsible for ensuring the security posture of the organization's information system?

Options

  • AAuthorizing Official
  • BChief Information Officer
  • CSecurity Control Assessor
  • DCommon Control Provider

How the community answered

(33 responses)
  • A
    88% (29)
  • B
    3% (1)
  • C
    6% (2)
  • D
    3% (1)

Explanation

Under NIST SP 800-37 (Risk Management Framework), the Authorizing Official (AO) - formerly called the Designated Approving Authority (DAA) - is the senior official responsible for accepting the risk of operating an information system and ensuring it maintains an acceptable security posture. The Chief Information Officer (CIO) oversees IT strategy organization-wide but does not hold individual system accountability. The Security Control Assessor evaluates controls but does not have authorization authority. The Common Control Provider supplies inherited controls. The AO holds the ultimate accountability for the system's security posture.

Topics

#Authorizing Official#Roles and Responsibilities#Security Posture#Risk Management Framework

Community Discussion

No community discussion yet for this question.

Full CAP Practice