Information System Security Accreditation

From Wikipedia, the free encyclopedia

You have new messages (last change).

It is proposed that this article be deleted, because of the following concern:

lack of context

If you can address this concern by improving, copyediting, sourcing, renaming or merging the page, please edit this page and do so. You may remove this message if you improve the article, or if you otherwise object to deletion of the article for any reason. To avoid confusion, it helps to explain why you object to the deletion, either in the edit summary or on the talk page. If this template is removed, it should not be replaced.

The article may be deleted if this message remains in place for five days (This template was added: 7 December 2006).

If you created the article, please don't take offense. Instead, consider improving the article so that it is acceptable according to the deletion policy. Nominator: Please consider notifying the author(s) of this page using

{{subst:prodwarning|Information System Security Accreditation}} ~~~~


Accreditation refers to the formal acceptance by organization executive management that they accept the residual risk associated with using a formally certified information system. Accreditation is formally defined by Krutz and Vines as:

A formal declaration by a Designated Approving Authority (DAA) where an information system is approved to operate in a particular security mode by using a prescribed set of safeguards at an acceptable level of risk.

[edit] References

Krutz, Ronald L. and Vines, Russell Dean, The CISSP Prep Guide; Gold Edition, Wiley Publishing, Inc., Indianapolis, Indiana, 2003.

Retrieved from "http://en.wikipedia.org../../../i/n/f/Information_System_Security_Accreditation_be98.html"