Lecture presentation
Exercise 1:
How would you approach assessing the completeness (breadth and depth) of the Generic Information Security Policy example?
Exercise 2:
Find a preliminary categorization for the following information system and adjust the categorization based on your analysis – present justifications for both preliminary and adjusted categorizations
Purpose: The system has two overarching purposes:
-
- For clients it is a system intended to help understand sewage and storm water collection and treatment systems (i.e. pipe networks, pump stations, and treatment plants) and their capacities, overflow characteristics and controls
- For the firm the system is intended to provide revenue through pay by clients for direct use of the service(s) of the system
Users:
- Municipal and regional water and sewer utilities will use the system to help plan capital improvement, operations, and maintenance of sewer systems (i.e. sewage treatment plants and sewage collection networks)
- External consultants helping water and sewer utilities plan capital improvement, operations, and maintenance of sewer systems
- The firm’s technical information system development staff working directly on the information system to provide, maintain, enhance and extend the services of the information system to (1) and (2)