What is called the formal acceptance of the adequacy of a system's overall security by the management?
A. Certification
B. Acceptance
C. Accreditation
D. Evaluation
A. Certification
B. Acceptance
C. Accreditation
D. Evaluation
Correct Answer: C
Explanation:
Accreditation is the authorization by management to implement software or systems in a production environment. This authorization may be either provisional or full.
The following are incorrect answers:
Certification is incorrect. Certification is the process of evaluating the security stance of the software or system against a selected set of standards or policies. Certification is the technical evaluation of a product. This may precede accreditation but is not a required precursor.
Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or system has met a set of functional or service level criteria (the new payroll system has passed its acceptance test). Certification is the better tem in this context.
Evaluation is incorrect. Evaluation is certainly a part of the certification process but it is not the best answer to the question.
Reference(s) used for this question: The Official Study Guide to the CBK from ISC2, pages 559-560
AIO3, pp. 314 -317 AIOv4 Security Architecture and Design (pages 369 -372) AIOv5 Security Architecture and Design (pages 370 -372)
The following are incorrect answers:
Certification is incorrect. Certification is the process of evaluating the security stance of the software or system against a selected set of standards or policies. Certification is the technical evaluation of a product. This may precede accreditation but is not a required precursor.
Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or system has met a set of functional or service level criteria (the new payroll system has passed its acceptance test). Certification is the better tem in this context.
Evaluation is incorrect. Evaluation is certainly a part of the certification process but it is not the best answer to the question.
Reference(s) used for this question: The Official Study Guide to the CBK from ISC2, pages 559-560
AIO3, pp. 314 -317 AIOv4 Security Architecture and Design (pages 369 -372) AIOv5 Security Architecture and Design (pages 370 -372)