Day 1 of NSA's IAM
The IAM training has been going pretty well, even though it was just the first day. Today, the class went over the intital contact and pre-assessment phases. We defined the mission of our example organization (our customer) and identified points of contact within the company. Impact attributes (confidentiality, integrity, availability) were defined as well as the impact ratings: high, medium and low. Using these definitions, our group classed the organizational information criticality into a matrix using the impact attributes and ratings. Following, we identified information systems and modeled them after the information criticality matrix. Finally, we described our customer's system configuration and how information flows across the organization.
Day 2 should be even better, as we cover the actual on-site assessment visit and final analysis phases.blog comments powered by Disqus