Certified Chief Information Security Officer (CCISO) — Question 30

The establishment of a formal risk management framework and system authorization program is essential.
The LAST step of the system authorization process is:

Answer options

• A. Getting authority to operate the system from executive management
• B. Contacting the Internet Service Provider for an IP scope
• C. Changing the default passwords
• D. Conducting a final scan of the live system and mitigating all high and medium level vulnerabilities

Correct answer: A

Explanation

The correct answer is A, as obtaining authority to operate is the final step that ensures executive management has reviewed and approved the system's security posture. Options B and C are not part of the authorization process, and option D, while important, occurs prior to obtaining authorization rather than being the last step.