CGRC Question #72: Real Exam Question with Answer & Explanation

The correct answer is A: Information System Owner.

Security and Privacy Governance, Risk Management, and Compliance Program

Question

The official primarily responsible for the security of an information system, who establishes the sensitivity level and the types of controls required to protect the IS and initiates system authorization activities.

Options

  • A. Information System Owner
  • B. System Development Life-Cycle
  • C. Risk Management Framework
  • D. Designated Representative

Explanation

The Information System Owner is the individual primarily responsible for the security of an information system, including determining its sensitivity and required controls. This role is crucial in initiating system authorization activities within an organization.

Common mistakes.

  • B. The System Development Life-Cycle (SDLC) is a process for developing and maintaining systems, not an individual responsible for security.
  • C. The Risk Management Framework (RMF) is a structured process for managing security risks, not an individual responsible for security.
  • D. While a Designated Representative might act on behalf of an owner, the core responsibility lies with the Information System Owner.

Concept tested. Information System Owner responsibilities

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r2.pdf

Topics

#System Owner · #Roles and Responsibilities · #Information Security Governance · #System Authorization
