Which of the following refers to a process that is used for implementing information security?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: D is incorrect.
Information Assurance (IA) is the practice of managing risks related to the use, processing, storage, and transmission of information or.
Certification and Accreditation (C&A or CnA) is a process for implementing information security.
It is a systematic procedure for evaluating, describing, testing, and authorizing systems prior to or after a system is in operation.
The C&A process is used extensively in the U.S.
Federal Government.
Some C&A processes include FISMA, NIACAP, DIACAP, and DCID 6/3
Certification is a comprehensive assessment of the management, operational, and technical security controls in an information system, made in support of security accreditation, to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Accreditation is the official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
data and the systems and processes used for those purposes.
While focused dominantly on information in digital form, the full range of IA encompasses not only digital but also analog or physical form.
Information assurance as a field has grown from the practice of information security, which in turn grew out of practices and procedures of computer security.
information security model, also called the CIA Triad, addresses three attributes of information and information systems, confidentiality, integrity, and availability.
This C-I-A model is extremely useful for teaching introductory and basic concepts of information security and assurance; the initials are an easy mnemonic to The Five Pillars model is used in the practice of Information Assurance (IA) to define assurance requirements.
It was promulgated by the U.S.
Department of Defense (DoD) in a variety of publications, beginning with the National Information Assurance Glossary, Committee on National Security Systems Instruction CNSSI-4009
Here is the definition from that publication: "Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation.
These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities." The Five Pillars model is sometimes criticized because authentication and non-repudiation are not attributes of information or systems; rather, they are procedures or methods useful to assure the integrity and authenticity of information, and to protect the confidentiality of the same.
Out of the given options, Certification and Accreditation (C&A) refers to a process that is used for implementing information security.
Certification and Accreditation (C&A) is a formal process that is used to evaluate and verify the security of an information system. The objective of this process is to ensure that the security requirements of an information system are met and maintained throughout the system's life cycle. C&A is typically used in government organizations and is also known as Assessment and Authorization (A&A) or Security Authorization.
The C&A process involves several steps, including:
Initiation: In this step, the organization identifies the information system that needs to be certified and accredited.
Security categorization: The organization determines the impact level of the information system based on the confidentiality, integrity, and availability requirements.
Security control selection: The organization selects and documents the security controls that will be implemented to protect the information system.
Security control implementation: The organization implements the selected security controls.
Security control assessment: The organization tests the implemented security controls to ensure they are operating effectively.
Authorization: The organization makes a risk-based decision whether to authorize the system to operate.
Continuous monitoring: The organization monitors the security controls to ensure they continue to operate effectively throughout the system's life cycle.
In summary, C&A is a process that is used to evaluate and verify the security of an information system. The process involves several steps, including initiation, security categorization, security control selection, security control implementation, security control assessment, authorization, and continuous monitoring.