tssci security

Day 1 of NSA's IAM

The IAM training has been going pretty well, even though it was just the first day. Today, the class went over the intital contact and pre-assessment phases. We defined the mission of our example organization (our customer) and identified points of contact within the company. Impact attributes (confidentiality, integrity, availability) were defined as well as the impact ratings: high, medium and low. Using these definitions, our group classed the organizational information criticality into a matrix using the impact attributes and ratings. Following, we identified information systems and modeled them after the information criticality matrix. Finally, we described our customer's system configuration and how information flows across the organization.

Day 2 should be even better, as we cover the actual on-site assessment visit and final analysis phases.

Posted by Marcin on Wednesday, September 13, 2006 in School and Security.

blog comments powered by Disqus
blog comments powered by Disqus