Information Security - Summary Report

Date Submitted: 11/30/2011 06:49 AM

Sami Ahmed

10/5/11

Summary Report

The first thing we learned in this class is the acronym CIA. In information security, CIA stands for confidentiality, integrity, and availability. Confidentiality asks: is the information system secure? Does it prevent unauthorized intruders from accessing databases or important files? Integrity asks: is the information in the system correct? Is the data safe from being modified undetectably? Finally, availability refers to whether the information on the system is readily available when it is needed.

Next we learned that these concepts are broken down even further into three classifications: high-impact, medium-impact, and low-impact. These classifications determine the level of importance and the security measures that will be used to keep the systems working safely. For instance, a low-impact situation is usually something small, such as a business system. A medium-impact situation is a bit more serious and can cause financial damages, such as in insurance or banking. Finally, high-impact is of the most importance and can even be life threatening. An example of high-impact confidential information is the login criteria for a nuclear missile silo or a power grid, since these should only be used by officials. Most types of information fall under CIA in a low, medium, or high category. However, when such information is categorized, it is always the highest security measure issued that classifies the system. This is called the high water mark.

FISMA, the Federal Information Systems Management Act, requires all government systems to be certified in order to operate. Previously the certification needed to be retaken every three years, but now it is up to the DAA (Designated Approving Authority) whether the certification needs to be retaken or whether the system can continue functioning with continuous monitoring.

Next we covered some of the security control baselines and learned the four priority codes: P1, P2, P3, and P0. The priority...