Information System Security Plan
1. Information System Name/Title:
• Unique identifier and name given to the system. [use information from the case study]
2. Information System Categorization:
• Identify the appropriate system categorization [use the information from the case study].
3. Information System Owner:
• Name, title, agency, address, email address, and phone number of person who owns the system.
[Use the field office manager]
4. Authorizing Official:
• Name, title, agency, address, email address, and phone number of the senior management
official designated as the authorizing official. [Use the company’s Chief Information
Officer.]
5. Other Designated Contacts:
• List other key personnel, if applicable; include their title, address, email address, and phone
number. [include the CISO, the ISSO, and other individuals from the case study, if
appropriate]
6. Assignment of Security Responsibility:
• Name, title, address, email address, and phone number of person who is responsible for the
security of the system. [use the case study information]
7. Information System Operational Status:
• Indicate the operational status of the system. If more than one status is selected, list which part
of the system is covered under each status. [Use the case study information.]
8. Information System Type:
• Indicate if the system is a major application or a general support system. If the system contains
minor applications, list them in Section 9. General System Description/Purpose. [use the case
study information]
9. General System Description/Purpose
• Describe the function or purpose of the system and the information processes. [use the case
study information]
10. System Environment
• Provide a general description of the technical system. Include the primary hardware, software,
and communications equipment.
[use the case study information and diagrams. Add brand names, equipment types as required (if
not provided in the case study)]
11. System Interconnections/Information Sharing