• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Security Architecture

MIS 5214 - Section 001 - David Lanter

Security Architecture

MIS 5214.001 ■ Spring 2023 ■ David Lanter
  • Homepage
  • Instructor
  • Syllabus
  • Schedule
    • First Half of the Semester
      • Unit 01 – Threat Environment
      • Unit 02 – System Security Plan
      • Unit 03 – Planning and Policy
      • Unit 04 – Cryptography
      • Unit 05 – Secure Networks
      • Unit 06 – Firewalls
      • Unit 07 – Mid-Term Exam
    • Second Half of the Semester
      • Unit 08 – Access Control
      • Unit 9 Host Hardening
      • Unit 10 Application Security
      • Unit 11 Data Protection
      • Unit 12 – Incident and Disaster Response
  • Deliverables
    • Assignments
    • Case Studies
      • Case Study 1 – A High Performance Computing Cluster Under Attack: The Titan Incident
      • Case Study 2 – Data Breach at Equifax
    • Participation
    • Team Project
  • Harvard Coursepack
  • Zoom Meeting

Unit 03 – Planning and Policy

Readings:

  • Boyle and Panko, Chapter 2 Planning and Policy
  • NIST SP 800-100 “Information Security Handbook: A Guide for Managers”, Chapter 8 – Security Planning, pp.67-77
  • NIST SP800-60V1R1: “Guide for Mapping Types of Information and Information Systems to Security Categories”, pp.1-34
  • FIPS 200 “Minimum Security Requirements for Federal Information and Information Systems”, pp.1-9
  • NIST SP 800-53r5 “Security and Privacy Controls for Information Systems and Organizations”,1-17
  • NIST SP 800-53B “Control Baselines for Information Systems and Organizations”, pp. 1-15
  • NIST SP 800-53Ar5” Assessing Security and Privacy Controls in Information Systems and Organizations”, pp.1-36

References:

  • FIPS Publication 199 “Standards for Security Categorization of Federal Information and Information Systems”
  • NIST SP800-60V2R1: “Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories”

Exercise 1:

  • Generic Information Security Policy Example

How would you approach assessing the completeness (breadth and depth) of the Generic Information Security Policy example?

Exercise 2:

Find a preliminary categorization for the following information system and adjust the categorization based on your analysis – present justifications for both preliminary and adjusted categorizations

Purpose: The system has two overarching purposes:

    1. For clients it is a system intended to help understand sewage and storm water collection and treatment systems (i.e. pipe networks, pump stations, and treatment plants) and their capacities, overflow characteristics and controls
    2. For the firm the system is intended to provide revenue through pay by clients for direct use of the service(s) of the system

Users:

    1. Municipal and regional water and sewer utilities and governmental organizations will use the system to help plan capital improvement, operations, and maintenance of sewer systems (i.e. sewage treatment plants and sewage collection networks)
    2. External consultants helping municipal and regional water and sewer utilities plan capital improvement, operations, and maintenance of sewer systems
    3. The firm’s technical information system development staff will work directly on the information system to provide, maintain, enhance and extend the services of the information system to (1) and (2)

Primary Sidebar

Weekly Discussions

  • 01 – Introduction (1)
  • 01 – Threat Environment (3)
  • 02 – System Security Plan (6)
  • 03 – Planning and Policy (7)
  • 04 – Cryptography (4)
  • 05 – Secure Networks (7)
  • 06 – Firewalls (5)
  • 08 – Access Control (7)
  • 09 – Host Hardening (5)
  • 10 – Application Security (5)
  • 11 – Data Protection (3)
Fox School of Business

Copyright © 2023 · Course News Pro on Genesis Framework · WordPress · Log in