CISSP-ISSEP · Question #11
Which of the following refers to a process that is used for implementing information security?
The correct answer is B. Certification and Accreditation (C&A). Certification and Accreditation (C&A) is correct because it is a formal, structured process - involving defined steps to evaluate (certify) and officially authorize (accredit) an information system to operate - making it the only choice that describes an implementation process ra
Question
Which of the following refers to a process that is used for implementing information security?
Options
- AClassic information security model
- BCertification and Accreditation (C&A)
- CInformation Assurance (IA)
- DFive Pillars model
How the community answered
(56 responses)- A5% (3)
- B89% (50)
- C2% (1)
- D4% (2)
Explanation
Certification and Accreditation (C&A) is correct because it is a formal, structured process - involving defined steps to evaluate (certify) and officially authorize (accredit) an information system to operate - making it the only choice that describes an implementation process rather than a concept or model.
The distractors fall short in distinct ways: the Classic information security model (A) is a conceptual framework (typically the CIA triad), not a process; Information Assurance (IA) (C) is a broad discipline or field of practice, not a specific implementation process; and the Five Pillars model (D) (Availability, Integrity, Authentication, Confidentiality, Non-repudiation) is a reference framework, not a procedure for implementing security.
Memory tip: Think of C&A as "Check, then Approve" - Certification = checking/testing the system meets security requirements; Accreditation = officially approving it to operate. Because it has concrete, sequential steps with a defined outcome (authorization to operate), it is a process, not a model.
Topics
Community Discussion
No community discussion yet for this question.