Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mitewarrior
Newcomer I
‎10-08-2020 02:13 PM
‎10-08-2020 02:13 PM

Need Assistance in Understanding Difference Between Certification And Assurance

Am really sorry if this post is not at all related to this forum as i have recently joined so am not sure exactly on the terms. But i just wanted to ask a question to be clarified regarding my CISSP exam preperation.
I just wanted to understand on the difference between Certification and Accreditation. If a person "A" designing and evaluating a system in a environment does not report correctly and the same report goes to the management for accreditation review and for some unfortunate reasons the system fails so the onus would be on the management who had signed it or on the person "A" who had missed to report the details evaluated correctly.

Reply
0 Kudos
1 Reply
rslade
Influencer II
‎10-08-2020 02:37 PM
‎10-08-2020 02:37 PM

> mitewarrior (Viewer) posted a new topic in Exam Preparation on 10-08-2020 02:13

> I just
> wanted to understand on the difference between Certification and Accreditation.

Certification (of a system, not a security professional) is the process of testing
and assessment to ensure that the system does what it is supposed to do, and will
have the impact on security, and provide the protection, that the
client/customer/system owner expects. (Certification may be part of the
assurance requirements for security overall, and may be based on the functional
requirements.)

Accreditation is the formal acceptance, by senior management or the system
owner, of the system. In a perfect world, one would expect accreditation to rely
on certification. However, there are cases where senior management may accredit
a system where certification has taken place, or refuse to accredit a system that
has passed certification.

======================
rslade@gmail.com rmslade@outlook.com rslade@computercrime.org
"If you do buy a computer, don't turn it on." - Richards' 2nd Law
"Robert Slade's Guide to Computer Viruses" 0-387-94663-2
"Viruses Revealed" 0-07-213090-3
"Software Forensics" 0-07-142804-6
"Dictionary of Information Security" Syngress 1-59749-115-2
"Cybersecurity Lessons from CoVID-19" CRC Press 0367682699
============= for back issues:
[Base URL] site http://victoria.tc.ca/techrev/
CISSP refs: [Base URL]mnbksccd.htm
PC Security: [Base URL]mnvrrvsc.htm
Security Dict.: [Base URL]secgloss.htm
Security Educ.: [Base URL]comseced.htm
Book reviews: [Base URL]mnbk.htm
[Base URL]review.htm
Partial/recent: http://groups.yahoo.com/group/techbooks/
http://en.wikipedia.org/wiki/Robert_Slade
https://is.gd/RotlWB http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply