nerdexam
(ISC)2

CAP · Question #357

Which of the following refers to a process that is used for implementing information security?

The correct answer is A. Certification and Accreditation(C&A). Certification and Accreditation (C&A) is a formal process used to implement and verify information security for federal information systems. Certification is the technical evaluation of a system's security controls, while Accreditation is the official management authorization to

Selection and Approval of Framework, Security, and Privacy Controls

Question

Which of the following refers to a process that is used for implementing information security?

Options

  • ACertification and Accreditation(C&A)
  • BInformation Assurance (IA)
  • CFive Pillars model
  • DClassic information security model

How the community answered

(31 responses)
  • A
    90% (28)
  • B
    3% (1)
  • D
    6% (2)

Explanation

Certification and Accreditation (C&A) is a formal process used to implement and verify information security for federal information systems. Certification is the technical evaluation of a system's security controls, while Accreditation is the official management authorization to operate the system based on acceptable risk. C&A is the actionable process for putting security into practice. Information Assurance (IA) is a broader concept referring to the protection of information and systems. The Five Pillars model describes IA goals (availability, integrity, authentication, confidentiality, non-repudiation). The classic information security model (CIA triad) defines security principles, not a process.

Topics

#Certification and Accreditation (C&A)#Information Security Processes#Authorization to Operate (ATO)#Risk Management Framework (RMF)

Community Discussion

No community discussion yet for this question.

Full CAP Practice