ISC2 Governance, Risk and Compliance (CGRC) Practice Question

While planning a security assessment of the organization's new payroll platform, the lead assessor must invite all key stakeholders to the kickoff meeting. Which stakeholder is chiefly accountable for day-to-day management and life-cycle decisions of the information system and therefore must attend?

Independent auditor or assessor
System owner
Information owner
Chief information security officer (CISO)

Report Issue

Answer Description

The system owner has primary responsibility for the overall procurement, development, integration, modification, operation, maintenance, and eventual disposal of an information system. Because this role is accountable for day-to-day management and life-cycle decisions, the system owner must be involved from the outset of any assessment or audit.

The information owner focuses on data-specific policies, not system operation. An independent auditor/assessor conducts the review but is not responsible for system decisions. The CISO sets enterprise security strategy and oversight but does not manage individual system life cycles. Therefore, including the system owner is essential when establishing stakeholder participation for the assessment.

Ask Bash

Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.

What is the role of a system owner in information system management?

Open an interactive chat with Bash

How does the role of a system owner differ from an information owner?

Open an interactive chat with Bash

Why is the system owner essential for an assessment kickoff meeting?

Open an interactive chat with Bash

What are the primary responsibilities of a system owner?

Open an interactive chat with Bash

How does a system owner differ from an information owner?

Open an interactive chat with Bash

Why doesn’t the CISO or auditor manage the system lifecycle?

Open an interactive chat with Bash

What is the difference between a system owner and an information owner?

Open an interactive chat with Bash

Why is the system owner's participation critical in a security assessment?

Open an interactive chat with Bash

What role does the CISO play compared to the system owner in security assessments?

Open an interactive chat with Bash

ISC2 Governance, Risk and Compliance (CGRC)

Assessment/Audit of Security and Privacy Controls

Your Score:

Settings & Objectives

Security and Privacy Governance, Risk Management, and Compliance Program

Scope of the System

Selection and Approval of Framework, Security, and Privacy Controls

Implementation of Security and Privacy Controls

Assessment/Audit of Security and Privacy Controls

System Compliance

Compliance Maintenance

Random Mixed

Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.

Rotate by Objective

Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Hide Score

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot

AI Bot