In an information systems environment that requires formal security accreditation, Certification refers to the comprehensive evaluation of the technical and non-technical security features of an information system.
Certification is formally defined by Krutz and Vines as:
“The comprehensive evaluation of the technical and non-technical security features of an information system and the other safeguards, which are created in support of the accreditation process to establish the extent to which a particular design and implementation meets the set of specified security requirements.”