Information System: People, Process, Information, Infrastructure and Technology
Information System Owner: Owns the people, process, infrastructure and technology for a particular system. A system has only one owner.
Information Owner: Owns the information/data within the information system. An information system can have multiple information owners.
Information System Security Officer (ISSO): Ensures information systems are secured and that controls are implemented and tested for effectiveness.
Data Custodian: Manages/maintains the information on behalf of the information owner.
Authorizing Official: Accredits or authorizes the system.
Chief Information Officer (CIO): Manages the entire agency's IT resources.
System Administrator: Day-to-day management of the system.
System Developer: Builds applications/writes code.
System Engineers: Manage servers.
Network Engineers: Manage the network (routers and switches).
Help Desk: Troubleshoots desktops and laptops/handles tickets.
Chief Information Security Officer (CISO): Responsible for the security of the agency. The ISSO/Auditor reports to the CISO.
C&A Analyst/IT Security Analyst: Audits systems for compliance. Reports to the CISO or ISSO.
Program Manager: Manages projects. Security Teams Lead (NIH).
Project Manager: Manages a project. Security Team Lead (NCI).
Information System Boundary: A set of information resources (information, people, funds, equipment and information technology) allocated to an information system. If a set of information resources is identified as an information system, the resources are generally under the same direct management control.
Same management
Same General Operation environment (no matter the geographic location)
Accreditation/Authorized System Boundary: Information system boundary approved by management (CIO).
General Support System (GSS): A collection of interconnected information resources or computing environments under the same direct management control, which shares common functionality. Data center (houses the servers and applications) and the network (routers and switches). High, Moderate or Low classification.
Major Application (MA): A major application is usually hosted on a general support system. High, Moderate or Low classification.
Minor Application: It is very common for a minor application to have a majority of its security controls provided by the general support system or major application on which it resides. Moderate or Low classification.
Confidentiality: Information is only accessible to authorized users.
Integrity: Protect against unauthorized modification or alteration of information and information systems.
Availability: Make information and information systems available when needed.