The process for management approval of the security certification process, which states the risks of a given IT system and the mitigation of those risks, is called:
Security accreditation is the formal approval by management of the security certification process. It documents the identified risks and their mitigations and establishes whether the residual risk of an IT system is acceptable.
Steps in the Process
Review findings from the security certification process.
Assess residual risks and proposed mitigations.
Obtain formal approval from authorized personnel.
Comparison of Options
A. Security certification: Precedes accreditation and focuses on technical validation.
B. Security system analysis: Broad assessment, not specific to the certification-accreditation lifecycle.
D. Alignment with business practices and goals: Pertains to overall strategic alignment, not risk acceptance.
EC-Council References
This process ensures management involvement and accountability, which aligns with CISO responsibilities under risk management frameworks taught by EC-Council.