In security management,____ is "the comprehensive evaluation of the technical and nontechnical security controls of an IT system to support the process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.
A) accreditation
B) certification
C) performance measurement
D) authorization

Question

Quizplus · Accepted Answer

Certification is the process of evaluating the technical and nontechnical security controls of an IT system to determine whether they meet a specified set of security requirements. This process is typically performed by an independent third-party and involves both a review of documentation and testing to ensure that the system meets the established security standards. Accreditation, on the other hand, is the official management decision to operate a system and to accept the potential risk, based on the implementation of security controls and an evaluation of the results of the security certification. Performance measurement is the process of assessing how well security controls are working and identifying areas for improvement. Authorization is the official management decision to operate a system and accept the associated risk.

In Security Management,____ Is "The Comprehensive Evaluation of the Technical