System-Specific Security Policy (SysSP)
Class: CISS-391 Early Spring 2020
Policy Information
Policy Name: __________________________ ID: ______________
Type: ☐ Internet, ☐ Networks, Systems, ☐ Information
Company/Agency/Organization: ___________________________________ Date: _____________
Team Name: _______________________________ Project Lead: ___________________________
Chief Executive Officer (CEO): ______________________
Role(s): Define your role(s) for this policy
Chief Info Security Officer (CISO): ___________________
Role(s): Define your role(s) for this policy
Senior Security Engineer (SSE): _____________________
Role(s): Define your role(s) for this policy
☒ Systems, ☒ Information
SysSP Details:
1. Access Control List (ACL)
(see pg 189 Fig 4-3)
[Group name, Description, user account type: ADMIN, EMPLOYEE, CONTRACTOR, USER, GUEST]
Group | Description | Account Type
Admin | System and network administrators |
2. Access Control Matrix
(focus on user access)
[user account type, group, asset, control, time limits]
Hint: one user per policy
Account Type | Group | Asset | Control | Time limits
3. Capability Table
(Focus on control capabilities: account office apps, system tools, network tools, policy that applies)
(Policy control for above users and groups)
Group | Account Type | Capability tools | Policy that applies
4. Configuration Rules
(focus on assets like servers)
(server, port, protocol, access rule, time limits)
Server | Port(s) | Protocol | Access Rule | Time limit
5. Technical Specifications SysSP
(Focus on asset hardware: network equipment, servers, and user PCs/laptops)
(Make, model, type, quantity, cost)
Asset Type | Make | Model | Qty | Cost
References: