
Difference between similar looking but different terms

Hunter85 Member Posts: 60 ■■■□□□□□□□
Hi,

Could anyone describe the difference between certification and accreditation? What I know from real-life experience does not match what is described in the textbook.

Comments

  • nk_vn Member Posts: 38 ■■□□□□□□□□
    It cannot be any clearer than the way it is described in AiO:

    Certification is the technical evaluation of the security components and their compliance.

    Accreditation is the management's formal acceptance of the adequacy of a system’s overall security and functionality.

    Certification comes first; then, after management is sure that the solution is technically sound and compliant, they can formally approve it and accreditation takes place.
  • 636-555-3226 Member Posts: 975 ■■■■■□□□□□
    In terms of "real life experience" think of it like taking the test.

    First, you take the certification test.

    Second, someone at ISC2 looks at your certification test results and checks the box to approve your accreditation.
  • Hunter85 Member Posts: 60 ■■■□□□□□□□
    Thanks a lot for the tip, it now really makes sense.

    I have a few more things I would like to ask, because I am finding differences between study books.

    1. Who is ultimately responsible for poor programming that can lead to a data breach? Is it the developer, tester, security admin or project manager?

    2. Who defines what data gets backed up and how often? Ops, management, legal, security, data owner, etc.?
  • dinhtq Member Posts: 24 ■■■□□□□□□□
    Hunter85 wrote: »
    Thanks a lot for the tip, it now really makes sense.

    I have a few more things I would like to ask, because I am finding differences between study books.

    1. Who is ultimately responsible for poor programming that can lead to a data breach? Is it the developer, tester, security admin or project manager?

    2. Who defines what data gets backed up and how often? Ops, management, legal, security, data owner, etc.?

    1) Project Manager
    2) Data Owner
  • Hunter85 Member Posts: 60 ■■■□□□□□□□
    dinhtq wrote: »
    1) Project Manager
    2) Data Owner

    Yeah, this is what I thought, but according to the study guides it is:

    1. Security Admin
    2. Management

    These are really open ended questions and I do not know which source provides the correct (or CISSP correct) answer.

    Can anyone who already passed the exam (or attended) clarify if there are questions like that in the exam?

    I can give more examples, like: What is the first step when you want to do a risk assessment?

    One source says "identify assets", the other one says "gather the risk assessment team"...
  • Sam_aqua Member Posts: 72 ■■□□□□□□□□
    I go with as below -

    1 - Project manager - It says "ultimately responsible", so I assume the PM is the one owning the project from the management side... and I can't think why the security admin would be "ultimately" responsible, considering that person won't even be in the management chain.

    2 - Data owner, who instructs the data custodian to perform data backups. Data owners are normally department heads, so they are usually from management; however, data owner is the more specific choice here, imo.
  • cbkihong Member Posts: 52 ■□□□□□□□□□
    Hunter85 wrote: »
    Yeah, this is what I thought, but according to the study guides it is:

    1. Security Admin
    2. Management

    Your study guides seem to stink... I agree with sam_aqua; that aligns with my impression from my study of the CBK too.