Free Preparation Discussions
MENU
ISC2 CSSLP Exam - Topic 4 Question 81 Discussion
Topic #: 4
Which of the following security models dictates that subjects can only access objects through applications?
The DAA, also known as Authorizing Official, makes the final accreditation decision. The Designated Approving Authority (DAA), in the United
States Department of Defense, is the official with the authority to formally assume responsibility for operating a system at an acceptable level
of risk. The DAA is responsible for implementing system security. The DAA can grant the accreditation and can determine that the system's
risks are not at an acceptable level and the system is not ready to be operational.
Answer D is incorrect. An Information System Security Officer (ISSO) plays the role of a supporter. The responsibilities of an Information
System Security Officer (ISSO) are as follows:
Manages the security of the information system that is slated for Certification & Accreditation (C&A).
Insures the information systems configuration with the agency's information security policy.
Supports the information system owner/information owner for the completion of security-related responsibilities.
Takes part in the formal configuration management process.
Prepares Certification & Accreditation (C&A) packages.
Answer A is incorrect. An Information System Security Engineer (ISSE) plays the role of an advisor. The responsibilities of an
Information System Security Engineer are as follows:
Provides view on the continuous monitoring of the information system.
Provides advice on the impacts of system changes.
Takes part in the configuration management process.
Takes part in the development activities that are required to implement system changes.
Follows approved system changes.
Answer B is incorrect. A Chief Risk Officer (CRO) is also known as Chief Risk Management Officer (CRMO). The Chief Risk Officer or Chief
Risk Management Officer of a corporation is the executive accountable for enabling the efficient and effective governance of significant risks,
and related opportunities, to a business and its various segments. Risks are commonly categorized as strategic, reputational, operational,
financial, or compliance-related. CRO's are accountable to the Executive Committee and The Board for enabling the business to balance risk
and reward. In more complex organizations, they are generally responsible for coordinating the organization's Enterprise Risk Management
(ERM) approach.
Jamal
3 months agoMelvin
3 months agoMatt
3 months agoLashunda
4 months agoAngella
4 months agoWinifred
4 months agoIra
4 months agoOretha
4 months agoKaron
5 months agoSanjuana
5 months agoShanice
5 months agoGerman
5 months agoQuentin
5 months agoBernardine
5 months agoRoxanne
5 months agoLing
10 months agoCecil
10 months agoJulian
8 months agoEvan
9 months agoShawna
9 months agoGerman
9 months agoLavonna
9 months agoStaci
9 months agoGlory
9 months agoDelila
10 months agoLajuana
9 months agoCornell
9 months agoCathern
9 months agoGary
9 months agoDaren
9 months agoPearly
10 months agoViki
10 months agoOzell
10 months agoAliza
10 months agoShad
10 months agoJerry
10 months agoThaddeus
11 months agoOzell
11 months ago