Certified Authorization Professional (CAP) — Question 26

The Information System Security Officer (ISSO) and Information System Security Engineer (ISSE) play the role of a supporter and advisor, respectively. Which of the following statements are true about ISSO and ISSE?
Each correct answer represents a complete solution. Choose all that apply.

Answer options

• A. An ISSE provides advice on the impacts of system changes.
• B. An ISSE manages the security of the information system that is slated for Certification & Accreditation (C&A).
• C. An ISSO manages the security of the information system that is slated for Certification & Accreditation (C&A).
• D. An ISSO takes part in the development activities that are required to implement system changes.
• E. An ISSE provides advice on the continuous monitoring of the information system.

Correct answer: A, C, E

Explanation

The correct responses A, C, and E accurately reflect the roles of the ISSO and ISSE. An ISSE indeed advises on system changes and continuous monitoring, while an ISSO is responsible for managing system security during the Certification & Accreditation process. However, option B is incorrect as it misattributes the management role of security to the ISSE instead of the ISSO, and option D does not accurately describe the ISSO's primary responsibilities.