Certification and accreditation - Research Paper Example

Full Paper Certification & Accreditation The first objective of this topic is to understand roles of actors involved in the Accreditation and Certification process. The certification process incorporates a wide range of technical and non-technical security safeguard evaluation associated with an information system. Likewise, the aim is to check and verify compliance of specified security requirements of a specific design and deployment. Moreover, the accreditation process that is called a formal declaration by Designated Approving Authority (DAA) for an information system that is operational in a specific secure environment with an acceptable risk level.

However, the information system must meet the approved safeguards or protection in the two domains i.e. technical and managerial. The duration of a typical certification and accreditation process should be executed in sixteen to eighteen months. However the duration will vary due to the complexity level of the networked environment. (Stark, 1994) The dissimilarity between a Certified and an information system auditor is a compliment of both these roles. The certifier will review the systems for compliance with the stated requirements from the regulations, law or the board (Langsley & American Board of, 1983).

In contrast, the auditor will validate the results submitted by the certifier for meeting the requirements. However, it is not necessary that an auditor may be a part of the same organization (Stark, 1994). Likewise, information system auditor is responsible for carrying out an independent review or audit of examination of records and activities for accessing the appropriateness of system controls for assuring compliance with policies and procedures. Similarly, a certifier is associated with conducting technical decisions of complying systems with organizational requirements, conducting risk assessment focused on system operation, certification actions and combining or integrating the finalized certification along with accredited packages.

The post of this individual is known as Information System Security Manager. Furthermore, the contribution of a reviewer is associated with internal organizational role that falls under the role of a certifier (Stark, 1994). The phase 5 of the Certification and Accreditation process called as Disposal is not addressed. For instance, there is always a disposal phase of any process, system, applications etc. likewise, the process of system disposal, few factors need consideration. These factors are mentioned below:Disposal of Storage devices: if an organization does not have proper disposal policy for storage devices, they may be at huge risks, as data can be retrieved from these used storage devices and can be used against the organization for unknown purposes.

Disposal of Hardware Components: The disposal of hardware/network/ computing devices can be reused by other organizations.Manual Documentation: floor map or other architectural diagrams must be discarded by paper shredder when not in use, as they can facilitate a criminal to plan for identity theft, data theft, stealing mission critical information etc.Apart from these above mentioned flaws, the association between certification and accreditation between the audit and software development life cycle is different.

The SDLC is considered as different wording or interpretation, and the audit identify the deployment and there is no enforcement of developing procedures.Work CitedLangsley, D. G., & American Board of, M. S. (1983). Legal aspects of certification and accreditation American Board of Medical Specialties.Stark, C. A. (1994). Introduction to certification and accreditation: Information systems security DIANE Publishing Company.