Formal Acceptance of System Security by Management | SSCP Exam Answer


Question

What is called the formal acceptance of the adequacy of a system's overall security by the management?

Answer

C.

Explanation

Accreditation is the authorization by management to implement software or systems in a production environment. This authorization may be either provisional or full.

The following are incorrect answers:

Certification is incorrect. Certification is the process of evaluating the security stance of the software or system against a selected set of standards or policies.

Certification is the technical evaluation of a product. This may precede accreditation but is not a required precursor.

Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or system has met a set of functional or service level criteria (the new payroll system has passed its acceptance test). Certification is the better term in this context.

Evaluation is incorrect. Evaluation is certainly a part of the certification process, but it is not the best answer to the question.

Reference(s) used for this question: The Official Study Guide to the CBK from ISC2, pages 559-560; AIO3, pp. 314-317; AIOv4 Security Architecture and Design (pages 369-372); AIOv5 Security Architecture and Design (pages 370-372).

The formal acceptance of the adequacy of a system's overall security by the management is called Accreditation.

Accreditation is the formal process by which management accepts the security of an information system after it has been evaluated and certified. It is the final step in the system security certification and accreditation process. Accreditation is a risk management decision: it weighs the system's overall security posture against the risk of operating it and determines whether that risk is acceptable.

During the accreditation process, an independent organization or individual assesses the system's security controls and verifies that they operate as intended. This includes evaluating the system's security documentation, testing the security controls, and reviewing the results of prior security assessments.

Once the system has been evaluated, the accreditation authority reviews the results of the assessment and makes a final determination as to whether or not the system can be accredited. If the system is accredited, it is deemed acceptable for operation and can be deployed to production.

In summary, accreditation is the formal acceptance of the adequacy of a system's overall security by the management, and it is the final step in the system security certification and accreditation process.