Readings:
- Boyle and Panko, Chapter 2 Planning and Policy
- NIST SP 800-100 “Information Security Handbook: A Guide for Managers”, Chapter 8 – Security Planning, pp.67-77
- NIST SP800-60V1R1: “Guide for Mapping Types of Information and Information Systems to Security Categories”, pp.1-34
- FIPS 200 “Minimum Security Requirements for Federal Information and Information Systems”, pp.1-9
References:
- FIPS Publication 199 “Standards for Security Categorization of Federal Information and Information Systems”
- NIST SP800-60V2R1: “Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories”