Appendix A: Answers to Exercises in Chapters 9 through 14

Chapter 9

1. The security categorizations for the system are {confidentiality: moderate, integrity: low, availability: moderate}, resulting in a system categorization of moderate. This assessment is done by listing each information type and individually determining the highest categorization for confidentiality, integrity, and availability. Once the confidentiality, integrity, and availability factors have been categorized, the system’s overall categorization is determined by identifying the highest category of the three. This becomes the system’s categorization, as illustrated in the table below.

2. The following items should be included in the system’s description:

 Full descriptive ...

Get Risk Management Framework now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.