Certified Information Systems Security Professional – CISSP – Question140

What MUST each information owner do when a system contains data from multiple information owners?

A.
Provide input to the Information System (IS) owner regarding the security requirements of the data
B. Review the Security Assessment report (SAR) for the Information System (IS) and authorize the IS to operate.
C. Develop and maintain the System Security Plan (SSP) for the Information System (IS) containing the data
D. Move the data to an Information System (IS) that does not contain data owned by other information owners

Correct Answer: C