Security Basics mailing list archives
Re: System Certification
From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Fri, 10 Oct 2003 09:49:59 +1000
Hi Andy,

Define Certification as it pertains to IT/IS

Certification is the process of performing a comprehensive analysis of the security features and safeguards of a system to establish the extent to which the security requirements are satisfied. The certification process considers the system in its operational environment. This means the security mode of operation, specific users, what training the users will receive, the applications and their data sensitivity, system and facility configuration and location, and its intercommunication with other systems are all considered during the certification process.

Define Accreditation as it pertains to IT/IS

Accreditation is the official management decision to operate a system. Certificate proves it is capable, while accreditation means that we will run it. The accreditation specifies the

- Security mode it will work in
- Prescribed set of countermeasures
- Defined threats, and stated vulnerabilities
- Given operational concept and environment
- Stated interconnection to other systems
- The risk of operation is formally accepted
- And the accreditation is for a stated period.

cheers
Ivan

Ivan Coric
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

"Andy Rose" <andymrose () hotmail com> 10/09/03 06:21pm >>>
Just a quick question - I'm trying to clarify the difference between 'system certification' and 'system accreditation'. I've been reading conflicting definitions in different CISSP books - can anyone give me a definitive answer?

Thanks