CISSP-ISSEP · Question #141
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?
The correct answer is D. Information System Owner. Option D is correct because the Information System Owner (ISO) holds direct responsibility for a specific system's operation, security posture, and accreditation lifecycle - including continuously monitoring the environment for threats, changes, or vulnerabilities that could affe
Question
Which of the following individuals is responsible for monitoring the information system environment for factors that can negatively impact the security of the system and its accreditation?
Options
- AChief Information Officer
- BChief Information Security Officer
- CChief Risk Officer
- DInformation System Owner
How the community answered
(29 responses)- A3% (1)
- C3% (1)
- D93% (27)
Explanation
Option D is correct because the Information System Owner (ISO) holds direct responsibility for a specific system's operation, security posture, and accreditation lifecycle - including continuously monitoring the environment for threats, changes, or vulnerabilities that could affect the system's authorization to operate.
Why the distractors are wrong:
- A (CIO): The Chief Information Officer sets IT strategy and policy at the organizational level but does not monitor individual systems for accreditation-impacting factors.
- B (CISO): The CISO owns the enterprise-wide security program and policy framework, not the day-to-day environmental monitoring of a specific system.
- C (CRO): The Chief Risk Officer manages broad organizational risk, not the technical and operational security environment of a particular information system.
Memory tip: Think ownership = accountability. If you own the system, you watch over it - just as a homeowner monitors their property for risks, not the city planner (CIO) or fire marshal (CISO).
Topics
Community Discussion
No community discussion yet for this question.