nerdexam
(ISC)2

CSSLP Question #21: Real Exam Question with Answer & Explanation

The correct answer is B: An ISSE provides advice on the continuous monitoring of the information system. The ISSO manages system security for C&A, while the ISSE advises on continuous monitoring and the impacts of system changes.

Secure Software Deployment, Operations, Maintenance

Question

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE? Each correct answer represents a complete solution. Choose all that apply.

Options

  • A. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • B. An ISSE provides advice on the continuous monitoring of the information system.
  • C. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
  • D. An ISSE provides advice on the impacts of system changes.
  • E. An ISSO takes part in the development activities that are required to implement system changes.

Explanation

The ISSO manages system security for C&A, while the ISSE advises on continuous monitoring and the impacts of system changes.

Common mistakes.

  • A. An ISSE provides engineering advice and guidance for system security; they do not typically hold the management responsibility for the overall security of an information system undergoing C&A, which falls to the ISSO or System Owner.
  • E. While an ISSO works closely with development teams, their primary role is security oversight and management, not direct participation in the technical development activities required to implement system changes.

Concept tested. Roles and responsibilities of ISSO and ISSE

Reference. https://csrc.nist.gov/publications/detail/sp/800-160/vol-1/final

Topics

#ISSO roles · #ISSE roles · #Certification & Accreditation (C&A) · #Continuous Monitoring
