- •Risk Analysis of ngy
- •Table of contents
- •Executive Summary
- •Recommendations
- •Operational Environment and System Configuration
- •The Risk Assessment Team
- •Organization Details of SpecOrg
- •Physical Plant and Physical Security
- •System Configuration
- •Terms and Definitions
- •Risk Analysis Methodology
- •RiskWatch Parameters and Data Analysis
- •Executive Summary Scope
- •Risk Analysis Steps
- •Key Risk Analysis Report Findings
- •Summary of asset categories
- •Assets within category
- •Recommendations
- •Physical Access Control
- •Application Controls
- •Classification Markings
- •Contract Specifications
- •Data Encryption
- •Detection System
- •Life Cycle Management
- •Passwords/Authenticaion
- •Personnel Clearances
- •Personnel Control
- •Quality Assurance
- •Risk Analysis
- •Security Policy
- •Summary of safeguards
- •Initial costs
Operational Environment and System Configuration
The four sections below, numbered 1.1.1 through 1.1.4, provide detailed information about:
The team responsible for the management of risks within the enterprise;
The organizational details of the enterprise;
The physical plant and measures in place to ensure physical security;
The configuration of systems that are deemed within the scope of this analysis;
The Risk Assessment Team
[[[
The Risk Analysis Team for the analysis of SpecOrg consisted of NAME, Project
Manager; NAME, Assistant Project Manager, and NAME, Senior Security Analyst.
The following individuals provided considerable support to the project by providing advice on risk analysis and internal control review planning, meeting to discuss the progress of the risk analysis effort, and reviewing and commenting on risk analysis deliverables:
|
1. NAME |
Office |
of |
Computer Operations |
2. NAME |
Office |
of |
Computer Operations |
|
3. NAME |
Office |
of |
Computer Operations |
|
4. NAME |
Office |
of |
Computer Operations |
|
5. NAME |
Office |
of |
Computer Operations |
|
6. NAME |
Office |
of |
Computer Operations |
|
7. NAME |
Office |
of |
Computer Operations |
|
8. NAME |
Office |
of |
Information Resources Management |
|
9. NAME |
Office |
of |
Information Resources Management |
|
10. NAME |
Office |
of |
Information Resources Management |
|
11. NAME |
Office |
of |
Budget and Administration |
|
12. NAME |
Office |
of |
Budget and Administration |
|
]]] |
|
|
|
|
Organization Details of SpecOrg
Organization and Staffing
The Office of Computer Operations, which is headed by [[[NAME]]]. [[[NAME]]], directs the management, operation, and maintenance of all SpecOrg facilities and equipment (see organization chart immediately below). SpecOrg's staffing level is [[[xx]]].
[[[
[[[NAME]]] is the current contractor for the DATA CENTER. [[[NAME]]] is the project manager for the [[[NAME Contract]]] which is responsible for performing tasks assigned by SpecOrg for the operation and maintenance of SpecOrg facilities (see organization chart on page 9). SpecOrg and its subcontractor, [[[NAME]]], have [[[xx]]] staff assigned to this contract.
]]]
[[[
THE DATA CENTER provides data processing for SpecOrg application systems, program management systems, SpecOrg financial management and other administrative
systems, and decision support systems supporting SpecOrg policy formulation. For the approximate 7,000 Statewide users, the data center processes approximately 50,000 batch jobs and 26,000 individual sessions per month; along with about 150,000 tape mounts. In addition, the data center maintains near 100% availability of the system for its users
]]]
Figure 1 [[[ PLACE ORGANIZATION CHART HERE ]]]