Appendix A: Answers to Exercises in Chapters 9 through 14

Chapter 9

1. The security categorizations for the system are {confidentiality: moderate, integrity: low, availability: moderate}, resulting in a system categorization of moderate. This assessment is done by listing each information type and individually determining the highest categorization for confidentiality, integrity, and availability. Once the confidentiality, integrity, and availability factors have been categorized, the system’s overall categorization is determined by identifying the highest category of the three. This becomes the system’s categorization, as illustrated in the table below.

2. The following items should be included in the system’s description:

 Full descriptive ...
