What is called the formal acceptance of the adequacy of a system’s overall security by the management?

What is called the formal acceptance of the adequacy of a system’s overall security by the management?
A .  Certification
B .  Acceptance
C .  Accreditation
D .  Evaluation

View Answer

Answer: C

Explanation: Accreditation is the authorization by management to implement software or systems in a production environment. This authorization may be either provisional or full.

The following are incorrect answers:

Certification is incorrect. Certification is the process of evaluating the security stance of the software or system against a selected set of standards or policies. Certification is the technical evaluation of a product. This may precede accreditation but is not a required precursor.

Acceptance is incorrect. This term is sometimes used as the recognition that a piece of software or system has met a set of functional or service level criteria (the new payroll system has passed its acceptance test). Certification is the better tem in this context.

Evaluation is incorrect. Evaluation is certainly a part of the certification process but it is not the best answer to the question.

Reference(s) used for this question: The Official Study Guide to the CBK from ISC2, pages 559-560

AIO3, pp. 314 – 317 AIOv4 Security Architecture and Design (pages 369 – 372) AIOv5 Security Architecture and Design (pages 370 – 372)