Security Plan
South Balance
Cybersecurity Plan
[Student Name]
1. Information System Name/Title:
· List 3 major systems that South Balance would have, and assign each system a unique identifier and name.
| System ID | System Description |
| | |
| | |
| | |
2. Information System Categorization:
· For the 3 systems above, identify the appropriate FIPS 199 Availability categorization (place an X in the appropriate column). See the FIPS 199 document for definitions.
| System ID | LOW | MODERATE | HIGH |
| | | | |
| | | | |
| | | | |
3. Information System Owner:
· For the 3 systems above, identify the name and title of the system owner. In a real security plan this would also include agency, address, email address, and phone number.
| System ID | System Owner Name | System Owner Title |
| | | |
| | | |
| | | |
4. Assignment of Security Responsibility:
· For the 3 systems above, identify the name and title of the person responsible for security of that system. In a real security plan this would also include address, email address, and phone number.
| System ID | System Owner Name | System Owner Title |
| | | |
| | | |
| | | |
5. Information System Operational Status:
· For the 3 systems above, indicate the operational status of the system (place an X in the appropriate column).
| System ID | Operational | Under Development | Major Modification |
| | | | |
| | | | |
| | | | |
6. Information System Type:
· For the 3 systems above, indicate if the system is a major application or a general support system. If the system contains minor applications, list them in Section 9. General System Description/Purpose.
| System ID | Major Application | General Support System |
| | | |
| | | |
| | | |
7. General System Description/Purpose
· For the 3 systems above, describe the function or purpose of the system and the information it processes.
| System ID | Description |
| | |
| | |
| | |
8. System Environment
· For the 3 systems above, provide a general description of the technical system. Include the primary hardware, software, and communications equipment.
| System ID | Description |
| | |
| | |
| | |
11. Risk Assessment and Future Plan
· For the 3 systems above, provide a general description of overall cybersecurity risks. Include the primary hardware, software, and communications equipment.
| System ID | Description |
| | |
| | |
| | |
12. Related Laws/Regulations/Policies
· For the 3 systems above, list any laws or regulations that establish specific requirements for the confidentiality, integrity, or availability of the data in the system.
| System ID | Description |
| | |
| | |
| | |
13. Minimum Security Controls
· Provide 30 controls (of your choice) from the NIST 800-171 Security Controls documentation. Each control should cover all three of the above systems; if a control is specific to one of the three, note that in the control writeup. Copy and paste the template below to provide all 30 controls.
NIST 800-171 Control Number:
Control Family:
NIST 800-53 Mapping:
Relevant 20 Critical Control:
Control Summary:
Implementation Status:
Immediate Action Plan (6 months):
Action Plan (12-24 months):
Long Range Action Plan (3-5 years):
Tulane University - SOPA
CPST - 3900