Information System: People, process, information, infrastructure and technology
Information System Owner: Owns the people, process, infrastructure and technology for a particular system. A system has only one owner.
Information Owner: Owns the information/data within the information system. An information system can have multiple information owners.
Information System Security Officer (ISSO): Ensures information systems are secured (controls are implemented and tested for effectiveness)
Data Custodian: Manages/maintains the information on behalf of the information owner
Authorizing Official: Accredits or authorizes the system
Chief Information Officer (CIO): Manages the entire agency's IT resources
System Administrator: Day-to-day management of the system
System Developer: Builds applications/writes code
System Engineers: Manage servers
Network Engineers: Manage the network (routers and switches)
Help Desk: Desktop and laptop troubleshooting/handles tickets
Chief Information Security Officer (CISO): Responsible for the security of the agency. The ISSO/Auditor report to him.
C&A Analyst/IT Security Analyst: Audits systems for compliance. Reports to the CISO or ISSO.
Program Manager: Manages projects; Security Teams Lead (NIH)
Project Manager: Manages a project; Security Team Lead (NCI)
Information System Boundary: A set of information resources (information, people, funds, equipment and information technology) allocated to an information system. If a set of information resources is identified as an information system, the resources are generally under the same direct management control and in the same general operating environment (no matter the geographic location).
Accreditation/Authorized System Boundary: Information system boundary approved by management (CIO)
General Support System (GSS): A collection of interconnected information resources or computing environments under the same direct management control, which shares common functionality, e.g. the data center (houses the servers and applications) and the network (routers and switches). High, Moderate or Low classification.
Major Application (MA): A major application is usually hosted on a general support system. High, Moderate or Low classification.
Minor Application: It is very common that a minor application may have a majority of its security controls provided by the general support system or major application on which it resides. Moderate or Low classification.
Confidentiality: Information is only accessible to authorized users.
Integrity: Protects against unauthorized modification or alteration of information and information systems.
Availability: Makes information and information systems available when needed.