What is the formal acceptance of the adequacy of a system's overall security by management called?
A. Certification
B. Acceptance
C. Accreditation
D. Evaluation
Explanation:
Accreditation is the authorization by management to implement software or systems in a production environment. This authorization may be either provisional or full.

The following are incorrect answers:

Certification is incorrect. Certification is the process of evaluating the security stance of the software or system against a selected set of standards or policies. Certification is the technical evaluation of a product. This may precede accreditation but is not a required precursor.

Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or system has met a set of functional or service level criteria (the new payroll system has passed its acceptance test). Certification is the better term in this context.

Evaluation is incorrect. Evaluation is certainly a part of the certification process but it is not the best answer to the question.
The Official Study Guide to the CBK from ISC2, pages 559-560
AIO3, pp. 314 – 317
AIOv4 Security Architecture and Design (pages 369 – 372)
AIOv5 Security Architecture and Design (pages 370 – 372)