CISSP Question #372: Real Exam Question with Answer & Explanation

The correct answer is C: Information System Security Officer (ISSO).

Submitted by tunde_lagos · Mar 5, 2026 · Security and Risk Management

Question

When a system changes significantly, who is PRIMARILY responsible for assessing the security impact?

Options

  • A. Chief Information Security Officer (CISO)
  • B. Information System Owner
  • C. Information System Security Officer (ISSO)
  • D. Authorizing Official

Explanation

The Information System Security Officer (ISSO) is the person who is responsible for ensuring that the appropriate operational security posture is maintained for an information system or program. The ISSO is also responsible for assessing the security impact of any significant changes to the system, such as configuration, patching, or upgrading. The ISSO should coordinate with the Information System Owner, the Authorizing Official, and the Chief Information Security Officer (CISO) to report and mitigate any security risks or issues arising from the system changes.

Topics

#Roles and responsibilities #Security impact assessment #System changes #ISSO
