The Accreditor’s Dilemma

In essence, the information security/assurance certification and accreditation process -- in both civilian and military realms -- represents a command-and-control view of decision-making.

On the battlefield, the commander gathers information from advisors who are qualified to attest to the accuracy (or limitations) of the information they provide. Because no one ever operates without a degree of uncertainty, the commander makes decisions using available information but with the full realization that other factors are unknown and perhaps unknowable. The commander also recognizes that a bad decision will reflect on him or her directly.
