
Question

A) Based on what does the Federal Information Processing Standard 199 (FIPS-199) require information owners to classify information and information systems? Provide a detailed answer.

B) Are there any differences between classifying governmental information and commercial information? And are there any common levels of classification that have been used to classify governmental information and commercial information? Explain your answers and support them with examples (NOT from the book or slides).

C) Can a company make a change to classified information? Assume now that a company feels that such information needs higher protection, or the company decides to make some information that was classified as secret accessible to the public. Here, is there any mechanism or process that allows a change in classified information? Explain your answers and support them with examples (NOT from the book or slides).

Explanation / Answer

A) There are three categories for classifying the information system.

1. Confidentiality:- Providing privacy for the personal information. Preventing unauthorised users from accessing personal information.

2. Integrity:- Providing the appropriate information for users. Preventing the information from being modified by unauthorised users by ensuring information non-repudiation and authenticity.

3. Availability:- Ensuring the availability of information when required. According to the usage of information by users, information should be available even at peak stages by maintaining reliability.

B) There are some levels of information to be classified according to governmental and commercial information.

For Governmental Data

1. Top secret:- It should have the highest security. It causes severe harm to national security on disclosure.

2. Secret:- Less sensitive when compared with top secret data, but causes serious damage to national security if disclosed.

3. Confidential:- This information is restricted only to authorized users.

4. Sensitive but unclassified:- It is sensitive data, but not considered vital to national security even if it's disclosed.

5. Unclassified:- Non-sensitive information.

For commercial information

1. Sensitive:- This kind of data should have the most limited access and requires a high degree of integrity. E.g.: Development methods followed within an organisation.

2. Confidential:- This kind of data might be less restrictive within an organisation, but disclosure causes severe damage. E.g.: Information regarding clients.

3. Private:- This data should be kept private for some security reasons. E.g.: Information of employees working in an organisation.

4. Proprietary:- It can be disclosed outside the organisation. E.g.: Technical specifications of a new product to be released by a company.

5. Public:- Less sensitive data that could cause the least harm if disclosed. E.g.: Number of employees working in a company.

C) Sanitisation is one of the processes for declassifying the information. Classified information is protected from unauthorised access using some security system. When this information is sanitised, the documents are removed from the list and made available to common users.