O'Reilly logo

Risk Management Framework by James Broad

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix A: Answers to Exercises in Chapters 9 through 14

Chapter 9

1. The security categorizations for the system are {confidentiality: moderate, integrity: low, availability: moderate}, resulting in a system categorization of moderate. This assessment is done by listing each information type and individually determining the highest categorization for confidentiality, integrity, and availability. Once the confidentiality, integrity, and availability factors have been categorized, the system’s overall categorization is determined by identifying the highest category of the three. This becomes the system’s categorization, as illustrated in the table below.

2. The following items should be included in the system’s description:

 Full descriptive ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required