Security Architecture - MIS 5214 - Section 001

Exercise 1:

How would you approach assessing the completeness (breadth and depth) of the Generic Information Security Policy example?

Generic Information Security Policy Example

Exercise 2:

Find a preliminary categorization for the following information system and adjust the categorization based on your analysis – present justifications for both preliminary and adjusted categorizations

Purpose: The system has two overarching purposes:

1. For clients it is a system intended to help understand sewage and storm water collection and treatment systems (i.e. pipe networks, pump stations, and treatment plants) and their capacities, overflow characteristics and controls
2. For the firm the system is intended to provide revenue through pay by clients for direct use of the service(s) of the system

Users:

Municipal and regional water and sewer utilities will use the system to help plan capital improvement, operations, and maintenance of sewer systems (i.e. sewage treatment plants and sewage collection networks)
External consultants helping water and sewer utilities plan capital improvement, operations, and maintenance of sewer systems
The firm’s technical information system development staff working directly on the information system to provide, maintain, enhance and extend the services of the information system to (1) and (2)

03 - Planning and Policy

Wrap Up

Boyle and Panko: Chapter 2 Planning and Policy

NIST 800 100 Information Security Handbook Chapter 8

NIST 800 60 V1R1 Guide for Mapping Types of Information and Information Systems to Security Categories

FIPS 200 Minimum Security Requirements for Federal Information and Information Systems

My question to discuss with my classmates

In The News