A security function defines the expected behavior from a security mechanism, and assurance defines:
A.
The controls the security mechanism will enforce
B.
The data classification after the security mechanism has been implemented
C.
The confidence of the security the mechanism is providing
D.
Cost/benefit relationship
Explanation:
The functionality describes how a mechanism will work and behave;
this may have nothing to do with the actual protection it provides. Assurance is the
level of confidence in the protection level a mechanism will provide. When systems
and mechanisms are evaluated, their functionality and assurance should be examined
and tested individually.