Template Perencanaan Keamanan Informasi (From NYS Infosecplan - v1) D

TravelMate IS Version: 1.
0
Information Security Plan Date: 10/29/2019
TIS-001
TravelMate
Information Security Plan
<project> Version: <0.01>
NYS Information Security Plan Template Date: 10/29/2019
<unique document identifier>
Contents
I.Application/System Identification3
1.Information System Name/Title3
2.Information Contact(s)3
3.Information System Operational Status3
4.Applicable Laws or Regulations Affecting the System3
II.Security Roles and Responsibilities3
III.Staff SDLC Security Task Orientation5
IV.System Criticality Level6
Appendix A: Available Resources7
<filename> Page 2 of 7
I. Application/System Identification
1. Information System Name/Title
· Unique identifier and name given to the system
2. Information Contact(s)
Information owner & name of person(s) responsible for/knowledgeable about
the application/system:
· Name: Muh. Wildan Shalahuddin
· Title: S.kom
· Address: Malang
· Email address: Wildan@gmail.com
· Phone number: 123456
· Name : Yuan Edo Ramadhana

· Title : S.kom
· Address : malang
· Email Address : edo@gmail.com
· Phone number : 111111
3. Information System Operational Status

Indicate the operational status of the system. If more than one status is selected,
list which part of the system is covered under each status.
· Under development
· Undergoing a major modification/redesign
4. Applicable Laws or Regulations Affecting the System

List all laws and/or regulations that establish specific requirements for
confidentiality, integrity, or availability of data/information in the system.
Typically, these must be defined by the information owners and/or counsel.
II. Security Roles and Responsibilities
List below the security roles defined within this application/system’s SDLC, the
expected security responsibilities and the name of the person(s) assigned to each
role.
Security Roles and Assignments

Security Role Name and Contact Information Security Responsibilities
Authorizing Name: Muh. Wildan Shalahuddin Inspecting and Authorizing IS
Official (AO) Title: S.kom plans, including changes
Address: Malang
Email address: Wildan@gmail.com
Phone number: 123456
Chief Name : Yuan Edo Ramadhana Planning and leading IS system
Information Title : S.kom development, as well as ensuring
Officer (CIO) IS
Address : malang
Email Address : edo@gmail.com
Phone number : 111111
Configuration Name: Muh. Wildan Shalahuddin Configuring the IS system
Management Title: S.kom
(CM) Manager
Address: Malang
Contracting Name : Yuan Edo Ramadhana Managing contracts with third-
officer Title : S.kom party IS partners
Address : malang
Legal Advisor / Name: Muh. Wildan Shalahuddin Advising over IS plans
Contract Title: S.kom compatibility over law
Attorney
Address: Malang
Privacy Officer Name: Muh. Mauludin Rohman Managing and ensuring privacy
Title: S. Kom policy
Address: Malang
Email address: udin@gmail.com
Software Name : Yuan Edo Ramadhana Software developer
Developer Title : S.kom
Address : malang
System Architect Name: Muh. Mauludin Rohman IS system designer
Title: S. Kom
Address: Malang
Security Roles and Assignments

Security Role Name and Contact Information Security Responsibilities
System Owner Name : Yuan Edo Ramadhana System owner
Title : S.kom
Address : malang
Note: The above security roles were taken from NIST 800-64.
Roles that do not apply to this project can be removed. Additional roles can be added as needed.
I. Staff SDLC Security Task Orientation
Identify the person(s) responsible for assuring that orientation is provided to all
parties responsible for performing security awareness activities as part of the
application.system’s SDLC process.
Security Role Name and Contact Information

Responsible Name: Yuan Edo Ramadhana
Person Title: S. Kom
Address: Malang
Email address: edo@gmail.com
Responsible Name: Muh. Wildan Shalahuddin
Address: Malang
Responsible Name: Muh. Mauludin Rohman
Address: Malang
Document how staff will be oriented.
I. System Criticality Level
In the table below, record the System Criticality Profile of all systems and applications
that are within the scope of this project. The criticality profile is qualitative with the
possible choices being Mission Critical (MC), Mission Important (MI) and Mission
Supportive (MS).
Table II-B-2: System Criticality Profile
System / Application Name Criticality Level (MC/MI/MS) Description
Database (cloud) MC User and transaction database,
stored in cloud
Database (physical) MI User and transaction database,
stored in HDD
Computers MC Desktop computers for server
handling and development
Laptops MS Laptops for development and
backups
Definitions:
Mission Critical (MC) – Automated information resources whose failure would preclude the Agency
from accomplishing its core business operations.
Mission Important (MI) – Automated information resources whose failure would not preclude the
Agency from accomplishing core business processes in the short term, but would cause failure in the
mid to long term (3 days to 1 month).
Mission Supportive (MS) – Automated information resources whose failure would not preclude the
Agency from accomplishing core business operations in the short to long term (more than 1 month),
but would have an impact on the effectiveness or efficiency of day-to-day operations.
II.
Appendix A: Available Resources
The following types of resources are available for use to complete the Security Plan.
These individual documents can be inserted into the Plan document diretly or attached
as appendices.
Template: Blank document that includes the minimum required elements. It can be branded to
your organization.
Sample: A completed or partially completed template using generic information.
Example: A document previously developed by an SE which has been deemed acceptable for
reporting puposes by the EISO.
The table below provides links to the available resources by Security Activity.
Information Classification
Template Information Asset Classification Worksheet
Sample
<To be completed>
Example
<To be completed>
Security Profile Objectives
Template Template_SecurityProfileObjectives
Sample Sample_SecurityProfileObjectives
System Profile
Template Template_SystemProfile
Sample Sample_SystemProfile
System Decomposition
Template Template_SystemDecomposition
Sample Sample_SystemDecomposition
Vulnerability and Threat Assessment
Template Template_ApplicationRiskAssessment
Sample Sample_ApplicationRiskAssessment
Risk Assessment
Refer to above documents for Vulnerability and
Threat Assessment activity.
Security Controls Selection and Documentation
Template Template_RiskAcceptanceAndControlAssignmen
t
Sample Sample_RiskAcceptanceAndControlAssignment
Accreditation
Example Example_AccreditationDecisionLetter_Authoriza
tion
Example Example_AccreditationDecisionLetter_Interim
Example
Example_AccreditationDecisionLetter_De
nial

Template Perencanaan Keamanan Informasi (From NYS Infosecplan - v1) D

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Template Perencanaan Keamanan Informasi (From NYS Infosecplan - v1) D

Transféré par

Droits d'auteur :

Formats disponibles

TravelMate IS Version: 1.

· Name : Yuan Edo Ramadhana

3. Information System Operational Status

4. Applicable Laws or Regulations Affecting the System

II. Security Roles and Responsibilities

Security Roles and Assignments

Security Roles and Assignments

I. Staff SDLC Security Task Orientation

Security Role Name and Contact Information

Document how staff will be oriented.

I. System Criticality Level

Appendix A: Available Resources

Vous aimerez peut-être aussi