Which of the following processes culminates in an agreement between key players that a system in its current configuration and operation provides adequate protection controls?

Which of the following processes culminates in an agreement between key players that a system
in its current configuration and operation provides adequate protection controls?

Which of the following processes culminates in an agreement between key players that a system
in its current configuration and operation provides adequate protection controls?

A.
Information Assurance (IA)

B.
Information systems security engineering (ISSE)

C.
Certification and accreditation (C&A)

D.
Risk Management

Explanation:
Certification and accreditation (C&A) is a set of processes that culminate in an
agreement between key players that a system in its current configuration and operation provides
adequate protection controls. Certification and Accreditation (C&A or CnA) is a process for
implementing information security. It is a systematic procedure for evaluating, describing, testing,
and authorizing systems prior to or after a system is in operation. The C&A process is used
extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP,
DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management,
operational, and technical security controls in an information system, made in support of security
accreditation, to determine the extent to which the controls are implemented correctly, operating
as intended, and producing the desired outcome with respect to meeting the security requirements
for the system. Accreditation is the official management decision given by a senior agency official
to authorize operation of an information system and to explicitly accept the risk to agency
operations (including mission, functions, image, or reputation), agency assets, or individuals,
Risk management is a set of processes that ensures a risk-based approach is used to determine
is the process of organizing and monitoring information-related risks. It ensures that only the
approved users have access to the approved information at the approved time. IA practitioners
seek to protect and defend information and information systems by ensuring confidentiality,
integrity, authentication, availability, and non-repudiation. These objectives are applicable whether
B is incorrect. ISSE is a set of processes and solutions used during all phases of a system’s life
cycle to meet the system’s information protection needs.



Leave a Reply 0

Your email address will not be published. Required fields are marked *