Data Classification
Security Categorization of Information and Information Systems
Purpose: To establish protection profiles and assign control element settings for each category of data for which an Agency is responsible. Security Categorization is the basis for identifying an initial baseline set of security controls for the information and information systems.
Security Categorization starts with the identification of what information and information systems support which State lines of business, as defined by the Federal Enterprise Architecture (FEA). Subsequent steps focus on the evaluation of the need for confidentiality, integrity, and availability.
Has anyone in here completed or begun a Security Categorization study for their area?
If you have, can you send me a sample of the completed documentation so that OIT can develop a consistent format for collection.
There are two ISD policy statements pertaining to Security Categorization:
• Standard 500S2-00: Security Categorization of State Information and Information Systems
• Standard 681S1-00: Information Protection
Both these policies will have to be reissued by OIT because they are inconsistent with the NIST guidelines, particularly FIPS 199 and SP 800-60 Vol. 1, which will be the primary references used in data classification.
Data Classification Methodology Key References
• FIPS Publication 199, Standards for Security Categorization of Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
• FIPS Publication 200, Minimum Security Requirements for Federal Information and Information Systems: http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
• NIST SP 800-53 Rev. 3, Recommended Security Controls for Federal Information Systems: http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final-errata.pdf
• NIST SP 800-60 Volume 1, Guide for Mapping Types of Information and Information Systems to Security Categories: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v1r1.pdf
• NIST SP 800-60 Volume 2, Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories: http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-60v2r1.pdf
Two Key Definitions
Information Type: A specific category of information (e.g., privacy, medical, proprietary, financial, investigative, contractor sensitive, security management) defined by an organization or, in some instances, by a specific law, Executive Order, directive, policy or regulation.
Information System: A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
Figure 2: SP 800-60 Security Categorization Process Execution (figure reproduced as text)
Process Inputs: Identify Information Systems
Process:
1. Identify Information Types
2. Select Provisional Impact Levels
3. Review Provisional Impact Levels
4. Adjust/Finalize Information Impact Levels
then: Assign System Security Category
Process Outputs: Security Categorization, feeding FIPS 200 / SP 800-53 Security Control Selection
An information system supporting the provision of electrical energy to the Data Center contains the following data types:
a) Detailed electrical energy monitoring information
b) Inventory data related to backup electrical generating, UPS systems and related infrastructure devices
D.7.1 Energy Supply Information Type
Energy Supply involves all activities devoted to ensuring the availability of an adequate supply of energy for the United States and its citizens. Energy Supply includes the sale and transportation of commodity fuels such as coal, oil, natural gas, and radioactive materials. This function also includes distributing and transferring power, electric generation, and/or storage located near the point of use.
C.3.4.2 Inventory Control Information Type
Inventory control refers to the tracking of information related to procured assets and resources with regards to quantity, quality, and location.
Information System Name: Power Safe System - DOIT
Business and Mission Supported: The Power Safe system provides real-time control and information supporting all backup electrical devices supporting the DOIT Data Center.
Information Types
• Energy Supply: Sensor data monitoring backup power for the DOIT Data Center. This function includes control of distribution and transfer of power. The remote control capabilities can take action such as initiating necessary switching actions to alleviate an overloading power condition. The impacts to this information and the system may affect the installation's critical infrastructures.
• Inventory Control: The Power Safe information system processes routine inventory information on all energy production, storage and monitoring devices.
Identify Information Types (impact levels as recorded on the slide)

Information Type | Confidentiality Impact | Integrity Impact | Availability Impact
Energy Supply | L / L | L / M | L / M
Inventory Control | L | L | L
Final System Categorization | Low | Moderate | Moderate

Rationale, Energy Supply:
• Confidentiality: Disclosure of sensor information may impact the Data Center if indications and warnings of overall capability are provided to an unfriendly party.
• Integrity: Significant impacts or consequences may occur if unauthorized modification of information results in incorrect power system regulation or control actions.
• Availability: Due to loss of availability, severe impact to the DOIT Data Center may result and may in turn have overall catastrophic consequences for the facility's critical infrastructures.

Rationale, Inventory Control:
• Confidentiality: Regardless of the moderate or high impact associated with unauthorized disclosure of some inventory control information, the provisional confidentiality impact level recommended for inventory control information is low.
• Integrity: The provisional integrity impact level recommended for inventory control information is low.
• Availability: The provisional availability impact level recommended for inventory control information is low.

Overall Information System Impact: Moderate
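The Power Safe table above and the SP 800-60 process figure before it apply one rule: per security objective, the system's impact is the highest impact of any information type it handles (the FIPS 199 high-water mark), and the overall system impact is the highest of the three objectives. The following is an added example, not code from the slide deck or from NIST, that carries the slide's two information types through that rule and flags every cell that was adjusted away from its provisional level (SP 800-60 asks for a documented rationale for each such adjustment). Reading the slide's "L / M" cells as "provisional / adjusted" is this example's assumption, as are the class and function names.

```python
"""FIPS 199 / SP 800-60 security categorization of an information system.

Added example, not part of the original slide deck. The information
types and levels are taken from the Power Safe slide; reading each
"L / M" cell as "provisional / adjusted" is an assumption of this code.
"""
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# FIPS 199 impact values, in increasing order of severity.
LEVELS = ("NOT_APPLICABLE", "LOW", "MODERATE", "HIGH")
RANK = {name: i for i, name in enumerate(LEVELS)}
OBJECTIVES = ("confidentiality", "integrity", "availability")


@dataclass(frozen=True)
class ImpactLevels:
    confidentiality: str
    integrity: str
    availability: str

    def __post_init__(self) -> None:
        for objective in OBJECTIVES:
            level = getattr(self, objective)
            if level not in RANK:
                raise ValueError(f"unknown impact level {level!r} for {objective}")
            # FIPS 199 permits "not applicable" only for confidentiality.
            if level == "NOT_APPLICABLE" and objective != "confidentiality":
                raise ValueError(f"{objective} impact cannot be NOT_APPLICABLE")

    def get(self, objective: str) -> str:
        return getattr(self, objective)


@dataclass(frozen=True)
class InformationType:
    name: str
    provisional: ImpactLevels   # step 2: looked up in SP 800-60 Vol. 2
    adjusted: ImpactLevels      # step 4: finalized for this system


def high_water_mark(levels: Iterable[str]) -> str:
    """Highest impact level among `levels` (the FIPS 199 high-water mark)."""
    return max(levels, key=RANK.__getitem__)


def categorize_system(info_types: Iterable[InformationType]) -> ImpactLevels:
    """Per-objective high-water mark over all information types (step 4 output)."""
    types = list(info_types)
    if not types:
        raise ValueError("a system must carry at least one information type")
    return ImpactLevels(*(
        high_water_mark(t.adjusted.get(obj) for t in types) for obj in OBJECTIVES
    ))


def overall_impact(category: ImpactLevels) -> str:
    """Overall system impact: highest of the three objectives (FIPS 200 baseline selector)."""
    return high_water_mark(category.get(obj) for obj in OBJECTIVES)


def adjustments(info_types: Iterable[InformationType]) -> List[Tuple[str, str, str, str]]:
    """Every (type, objective, provisional, adjusted) cell changed at step 3/4.

    Each entry needs a documented rationale in the categorization record.
    """
    changed = []
    for t in info_types:
        for obj in OBJECTIVES:
            before, after = t.provisional.get(obj), t.adjusted.get(obj)
            if before != after:
                changed.append((t.name, obj, before, after))
    return changed


def sc_notation(system_name: str, category: ImpactLevels) -> str:
    """Render in FIPS 199 notation: SC name = {(confidentiality, X), ...}."""
    parts = ", ".join(f"({obj}, {category.get(obj)})" for obj in OBJECTIVES)
    return f"SC {system_name} = {{{parts}}}"


# Levels transcribed from the slide's table (constructed input for this example).
POWER_SAFE = [
    InformationType("Energy Supply",
                    ImpactLevels("LOW", "LOW", "LOW"),
                    ImpactLevels("LOW", "MODERATE", "MODERATE")),
    InformationType("Inventory Control",
                    ImpactLevels("LOW", "LOW", "LOW"),
                    ImpactLevels("LOW", "LOW", "LOW")),
]

if __name__ == "__main__":
    category = categorize_system(POWER_SAFE)
    print(sc_notation("Power Safe", category))
    print("Overall information system impact:", overall_impact(category))
    for name, obj, before, after in adjustments(POWER_SAFE):
        print(f"  {name}: {obj} adjusted {before} -> {after} (document the rationale)")
```

Running it reproduces the slide's final row (Low / Moderate / Moderate, overall Moderate) and lists the two Energy Supply cells that were raised above their provisional level, which is exactly where a reviewer should expect to find the integrity and availability rationale text recorded on the slide.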
Action Items:
• OIT to rescind and republish any existing policies regarding Security Categorization to be consistent with FIPS 199 & 200
• OIT to develop a template for the agencies to record information and information system categorization information
• Agencies to begin the identification of all information systems that impact their mission. Look for system dependencies, i.e., is there any system that is dependent on data from another system or agency.
• OIT to help define Security Categorization training for agencies and work with agencies to address potential manpower issues.
Overall Goal: To complete the Security Categorization Study for Agencies by the end of the 2016 calendar year.