Rodel Reyes CST-200A Week 1 Day 2 10/11/2013 Nicole Stone Chapter 1: Exercises 2 and 4: Complete exercises 2 and 4 under the “Exercises” heading at the end of chapter 1 in your textbook. Submit completed assignment to your instructor using ACOT e-Learn. 2. Assume that a security model is needed for the protection of information in your class. Using the CNSS model, examine each of the cells and write a brief statement on how you would address the three components occupying that cell. a) My Personal Information 1] Confidentiality – the public should not have access to this info. 2] Integrity – my personal info should be accurate at all times. 3] Availability – I am able to access my personal info and change it. 4] Storage – my personal info is stored in a secure server storage. 5] Processing – if I change my info it would reflect the changes I made. 6] Transmission – my personal information should be encrypted. 7] Policy – access to my info are only available to me and Admin. 8] Education – training staff in the security of personal information. 9] Technology – encryption software is used to transmit my info. b) Exams and Tests 1] Confidentiality – students should not have access to this initially. 2] Integrity – tests should be accurate and not been tampered with. 3] Availability – students are able to access tests at the allotted time. 4] Storage – tests are stored in a secure server storage. 5] Processing – students are able to provide answers to the tests. 6] Transmission – the tests are transmitted intact when done. 7] Policy – students are only able to access the tests during test time. 8] Education – training staff and students regarding tests policies. 9] Technology – tests are delivered on secure web browser software. c) ACOT eLearn 1] Confidentiality – only ACOT students and staff can access this. 2] Integrity – eLearn information should always have accurate info. 3] Availability – when students login they are able to access eLearn. 4] Storage – eLearn software is stored in a secure server storage. 5] Processing – students are able to access assignments and tests. 6] Transmission – all tests and assignments are able to be transmitted. 7] Policy – Instructors can change info here but students cannot. 8] Education – training students how to access and use eLearn. 9] Technology – eLearn is a sophisticated software provided by ACOT.

4. Using the Web, identify the chief information officer, chief information security officer, and systems administrator for your school. Which of these individuals represents the data owner, data custodian? The Data Owner is usually the Chief Information Officer or CIO of an organization. They are responsible for the security and use of a particular set of information and determine the level of classification of that data and information. They are also involved in the changes to the classification of information as required by the organization. The Data Custodians who works directly with the CIO's are normally assigned to a dedicated position such as the Chief Information Security Officer or CISO. They are responsible for the storage, maintenance, and protection of information. Their duties include overseeing data storage and backups, implementing the specific procedures and policies laid out in the security policies, and reporting to the Data Owner the state of information security in an organization. Depending on the size of an organization these duties may be assigned to a Systems Administrator or a Technology Manager.