CISSP · Question #254
The PRIMARY purpose of accreditation is to:
The correct answer is B. allow senior management to make an informed decision regarding whether to accept the risk of. According to the CISSP CBK Official Study Guide, the primary purpose of accreditation is to allow senior management to make an informed decision regarding whether to accept the risk of operating the system. Accreditation is the process of formally authorizing a system to operate
Question
The PRIMARY purpose of accreditation is to:
Options
- Acomply with applicable laws and regulations.
- Ballow senior management to make an informed decision regarding whether to accept the risk of
- Cprotect an organization's sensitive data.
- Dverify that all security controls have been implemented properly and are operating in the correct
How the community answered
(49 responses)- A2% (1)
- B86% (42)
- C4% (2)
- D8% (4)
Explanation
According to the CISSP CBK Official Study Guide, the primary purpose of accreditation is to allow senior management to make an informed decision regarding whether to accept the risk of operating the system. Accreditation is the process of formally authorizing a system to operate based on the results of the security assessment and the risk analysis. Accreditation is a management responsibility that involves evaluating the security posture, the residual risk, and the compliance status of the system, and determining if the system is acceptable to operate within the organization's risk tolerance. Accreditation does not necessarily mean that the system complies with applicable laws and regulations, protects the organization's sensitive data, or verifies that all security controls have been implemented properly and are operating in the correct manner, although these may be factors that influence the accreditation decision.
Topics
Community Discussion
No community discussion yet for this question.