Need Assistance in Understanding Difference Between Certification And Assurance
I am really sorry if this post is not at all related to this forum; as I have recently joined, I am not sure exactly on the terms. But I just wanted to ask a question to be clarified regarding my CISSP exam preparation. I just wanted to understand the difference between Certification and Accreditation. If a person "A" designing and evaluating a system in an environment does not report correctly, and the same report goes to the management for accreditation review, and for some unfortunate reasons the system fails, would the onus be on the management who had signed it or on the person "A" who had failed to report the details evaluated correctly?
Re: Need Assistance in Understanding Difference Between Certification And Assurance
> mitewarrior (Viewer) posted a new topic in Exam Preparation on 10-08-2020 02:13
> I just wanted to understand on the difference between Certification and Accreditation.
Certification (of a system, not a security professional) is the process of testing and assessment to ensure that the system does what it is supposed to do, and will have the impact on security, and provide the protection, that the client/customer/system owner expects. (Certification may be part of the assurance requirements for security overall, and may be based on the functional requirements.)
Accreditation is the formal acceptance, by senior management or the system owner, of the system. In a perfect world, one would expect accreditation to rely on certification. However, there are cases where senior management may accredit a system where certification has taken place, or refuse to accredit a system that has passed certification.