Who amongst the following makes the final accreditation decision?

A. ISSE
B. CRO
C. DAA
D. ISSO

Explanation:
The DAA, also known as the Authorizing Official, makes the final accreditation decision.
The Designated Approving Authority (DAA), in the United States Department of Defense, is the
official with the authority to formally assume responsibility for operating a system at an acceptable
level of risk. The DAA is responsible for implementing system security. The DAA can grant the
accreditation and can determine that the system’s risks are not at an acceptable level and the
Officer (ISSO) plays the role of a supporter. The responsibilities of an Information System Security
Officer (ISSO) are as follows: Manages the security of the information system that is slated for
Certification & Accreditation (C&A). Ensures the information system's configuration complies with the
agency’s information security policy. Supports the information system owner/information owner for
the completion of security-related responsibilities. Takes part in the formal configuration
incorrect. An Information System Security Engineer (ISSE) plays the role of an advisor. The
responsibilities of an Information System Security Engineer are as follows: Provides a view on the
continuous monitoring of the information system. Provides advice on the impacts of system
changes. Takes part in the configuration management process. Takes part in the development
activities that are required to implement system changes. Follows approved system changes.
Officer (CRMO). The Chief Risk Officer or Chief Risk Management Officer of a corporation is the
executive accountable for enabling the efficient and effective governance of significant risks, and
related opportunities, to a business and its various segments. Risks are commonly categorized as
strategic, reputational, operational, financial, or compliance-related. CROs are accountable to the
Executive Committee and the Board for enabling the business to balance risk and reward. In
more complex organizations, they are generally responsible for coordinating the organization’s
Enterprise Risk Management (ERM) approach.


