Information System Security Plans For Information Systems

1848 Words8 Pages
INFORMATION SYSTEM SECURITY PLANS HENRY KASIBANTE PROFESSOR: MARGARET LEARY UNIVERSITY OF MARYLAND UNIVERSITY COLLEGE 10/05/2014 Contents 1- Introduction 2- Purpose 3- Scope 4- Security Plans for Information Systems 4.1 Rules of the System 4.2 Training 4.3 Personnel Controls 4.4 Incident Response Capability 4.5 Continuity of Support 4.6 Technical Security 4.7 System Interconnection 5- Guide for Developing Security Plans for Information Systems 5-1 System name and identifier 5-2 System categorization 5-3 System owner 5-4 Authorizing official 5-5 Other designated contacts 5-6 Assignment of security responsibility 5-7 System operational status 5-8 Information system type 5-9 General description/purpose 5-10 System…show more content…
2- Purpose The essay seeks to explain and discuss an information security plan. The security plan will ensure protection from loss of confidentiality, integrity, and availability of data (CIA) which are the back bone of any organization’s information security. To provide an outline of the security requirements of the system and describe the controls in place or planned responsibilities and expected behavior of all individuals who access the system. The discussion will also review the guidelines for developing the security plans for information systems. 3- Scope The security plan will apply to all organizations or agencies and can be followed as an example for a new security plan or a review of an existing plan. 4- Security Plans for Information Systems The security plan will be guided through the National Institute of Standards and Technology (NIST) guidelines including the following: 4.1 Rules of the System Based on the needs of the organization and acceptable users to the system, rules are set to fit the environment and the level of acceptable risks. These rules shall only be as strict as required to deliver appropriate security for the information in the system, and shall clearly describe responsibilities and expected behaviors of all acceptable users to the system. Limitations to interconnections of
Open Document