Which of the following persons in an organization is responsible for rejecting or accepting the
residual risk for a system
A.
System Owner
B.
Information Systems Security Officer (ISSO)
C.
Designated Approving Authority (DAA)
D.
Chief Information Security Officer (CISO)