CAP · Question #357
Which of the following refers to a process that is used for implementing information security?
The correct answer is A. Certification and Accreditation(C&A). Certification and Accreditation (C&A) is a formal process used to implement and verify information security for federal information systems. Certification is the technical evaluation of a system's security controls, while Accreditation is the official management authorization to
Question
Which of the following refers to a process that is used for implementing information security?
Options
- ACertification and Accreditation(C&A)
- BInformation Assurance (IA)
- CFive Pillars model
- DClassic information security model
How the community answered
(31 responses)- A90% (28)
- B3% (1)
- D6% (2)
Explanation
Certification and Accreditation (C&A) is a formal process used to implement and verify information security for federal information systems. Certification is the technical evaluation of a system's security controls, while Accreditation is the official management authorization to operate the system based on acceptable risk. C&A is the actionable process for putting security into practice. Information Assurance (IA) is a broader concept referring to the protection of information and systems. The Five Pillars model describes IA goals (availability, integrity, authentication, confidentiality, non-repudiation). The classic information security model (CIA triad) defines security principles, not a process.
Topics
Community Discussion
No community discussion yet for this question.