Which of the following refers to a process that is used for implementing information security?
A. Classic information security model
B. Five Pillars model
C. Certification and Accreditation (C&A)
D. Information Assurance (IA)
Explanation:
Certification and Accreditation (C&A or CnA) is a process for implementing information security. It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation. The C&A process is used extensively in the U.S. Federal Government. Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3. Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system. Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the

Assurance (IA) is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. While focused dominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical form. Information assurance as a field has grown from the practice of information security, which in turn grew out of practices and procedures of computer security.

Assurance (IA) to define assurance requirements. The classic information security model, also called the CIA Triad, addresses three attributes of information and information systems: confidentiality, integrity, and availability. This C-I-A model is extremely useful for teaching introductory and basic concepts of information security and assurance; the initials are an easy mnemonic to remember, and when properly understood, can prompt systems designers and users

is used in the practice of Information Assurance (IA) to define assurance requirements. It was promulgated by the U.S. Department of Defense (DoD) in a variety of publications, beginning with the National Information Assurance Glossary, Committee on National Security Systems Instruction CNSSI-4009. Here is the definition from that publication: “Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” The Five Pillars model is sometimes criticized because authentication and non-repudiation are not attributes of information or systems; rather, they are procedures or methods useful to assure the integrity and authenticity of information, and to protect the confidentiality of the same.