Anda di halaman 1dari 2

Rodel Reyes CST-200A Week 1 Day 2 10/11/2013 Nicole Stone Chapter 1: Exercises 2 and 4: Complete exercises 2 and 4 under

the Exercises heading at the end of chapter 1 in your textbook. Submit completed assignment to your instructor using ACOT e-Learn. 2. Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would address the three components occupying that cell. a) My Personal Information 1] Confidentiality the public should not have access to this info. 2] Integrity my personal info should be accurate at all times. 3] Availability I am able to access my personal info and change it. 4] Storage my personal info is stored in a secure server storage. 5] Processing if I change my info it would reflect the changes I made. 6] Transmission my personal information should be encrypted. 7] Policy access to my info are only available to me and Admin. 8] Education training staff in the security of personal information. 9] Technology encryption software is used to transmit my info. b) Exams and Tests 1] Confidentiality students should not have access to this initially. 2] Integrity tests should be accurate and not been tampered with. 3] Availability students are able to access tests at the allotted time. 4] Storage tests are stored in a secure server storage. 5] Processing students are able to provide answers to the tests. 6] Transmission the tests are transmitted intact when done. 7] Policy students are only able to access the tests during test time. 8] Education training staff and students regarding tests policies. 9] Technology tests are delivered on secure web browser software. c) ACOT eLearn 1] Confidentiality only ACOT students and staff can access this. 2] Integrity eLearn information should always have accurate info. 3] Availability when students login they are able to access eLearn. 4] Storage eLearn software is stored in a secure server storage. 5] Processing students are able to access assignments and tests. 6] Transmission all tests and assignments are able to be transmitted. 7] Policy Instructors can change info here but students cannot. 8] Education training students how to access and use eLearn. 9] Technology eLearn is a sophisticated software provided by ACOT.

4. Using the Web, identify the chief information officer, chief information security officer, and systems administrator for your school. Which of these individuals represents the data owner, data custodian? The Data Owner is usually the Chief Information Officer or CIO of an organization. They are responsible for the security and use of a particular set of information and determine the level of classification of that data and information. They are also involved in the changes to the classification of information as required by the organization. The Data Custodians who works directly with the CIO's are normally assigned to a dedicated position such as the Chief Information Security Officer or CISO. They are responsible for the storage, maintenance, and protection of information. Their duties include overseeing data storage and backups, implementing the specific procedures and policies laid out in the security policies, and reporting to the Data Owner the state of information security in an organization. Depending on the size of an organization these duties may be assigned to a Systems Administrator or a Technology Manager.