nerdexam
(ISC)2

CISSP-ISSEP · Question #11

Which of the following refers to a process that is used for implementing information security?

The correct answer is B. Certification and Accreditation (C&A). Certification and Accreditation (C&A) is correct because it is a formal, structured process - involving defined steps to evaluate (certify) and officially authorize (accredit) an information system to operate - making it the only choice that describes an implementation process ra

Governance and Training

Question

Which of the following refers to a process that is used for implementing information security?

Options

  • AClassic information security model
  • BCertification and Accreditation (C&A)
  • CInformation Assurance (IA)
  • DFive Pillars model

How the community answered

(56 responses)
  • A
    5% (3)
  • B
    89% (50)
  • C
    2% (1)
  • D
    4% (2)

Explanation

Certification and Accreditation (C&A) is correct because it is a formal, structured process - involving defined steps to evaluate (certify) and officially authorize (accredit) an information system to operate - making it the only choice that describes an implementation process rather than a concept or model.

The distractors fall short in distinct ways: the Classic information security model (A) is a conceptual framework (typically the CIA triad), not a process; Information Assurance (IA) (C) is a broad discipline or field of practice, not a specific implementation process; and the Five Pillars model (D) (Availability, Integrity, Authentication, Confidentiality, Non-repudiation) is a reference framework, not a procedure for implementing security.

Memory tip: Think of C&A as "Check, then Approve" - Certification = checking/testing the system meets security requirements; Accreditation = officially approving it to operate. Because it has concrete, sequential steps with a defined outcome (authorization to operate), it is a process, not a model.

Topics

#Certification and Accreditation (C&A)#Information Security Governance#System Authorization

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice