Instructions for Table 1. Delete before submitting.

Complete Table 1 below specifying any information assets appropriate to the case not provided (add/remove rows as needed), the component/media, owner, type of data, RTO, and RPO, of all provided information assets, based on assumptions you derive from the case document.

These values will be entered into Clearwater IRM later in this assignment. Remember, each application should be paired with its data on its own server. All data is backed to a NAS (External storage) daily, and all data and applications are backed to the cloud (Software-as-a-Service) weekly. Both NAS cross-backup daily as well (NAS 1 backs up to NAS 2 and vice versa). All employees access all information assets through their desktops. Use the following options for the corresponding column’s values:

Component Group Options:

Components (a.k.a. Media) are the devices that “create, receive, store, transmit or view” information assets. Essentially, it’s the hardware that houses software and data. Before the current update for CC|IRM, these devices were referred to as media. For this assignment, use the following components:

Servers

External Storage (NAS1 and NAS2)

Desktops

Software-as-a-Service

Security and Governance

These component types need to be selected when adding assets to Clearwater IRM, then you will reorganize these into groups that match the actual implementation in the case organization. For example: presume that the Human Resources Information Systems SERVER (Server A) contains a specialized HR application (referred to as HRIS), and a database of employee data. This application and its data are accessed by employees on DESKTOPS, with the database backed up to the EXTERNAL STORAGE (NAS1) on a daily basis, with both the HRIS and the database backed up to the SOFTWARE-AS-A-SERVICE (the cloud backup) on a weekly basis. Periodically, the organization’s InfoSec and Executive Management teams review the application and its database as part of their SECURITY AND GOVERNANCE duties. See where the Component Groups come into play with the two information assets (the HRIS and the Employee DB)? So, under this example, the HRIS entries for Table 1 would be:

(Note: I’ve just added numbers for the RTO and RPO. You should put some thought into the values for your submission. If you just list them all the same or they don’t make sense, it could cost you points on the assignment).

Data Owner: Some examples of Data Owners include the Registrar and student data; the Treasurer and financial data; the VP of Human Resources and employee data. In most cases, the Data Custodian is not the Data Owner. A system administrator or Data Custodian is a person who has technical control over an information asset dataset. While the CIO may be the data custodian, he/she is most likely NOT the owner of non-IT data.

Type of Sensitive Data Options:

· Electronic Patient Healthcare Information (ePHI) – any data retained by the organization that contains personal medical information, including that of employees and clients. Employee health coverage information in an HR file is not ePHI for our purposes – unless it included details on the coverage such as the account number, primary care physician, etc. Most HR records would only contain the name of the coverage (e.g. Blue Cross/Blue Shield HMO), but not the details.

· Payment Card Information (PCI) – any data retained by the organization that contains payment card information such as debit/credit card numbers with expiration dates, users’ names, security codes and/or billing information.

· Personally Identifiable Information (PII) – any data retained by the organization that contains personally identifiable information that could be used to identify an individual (or steal their identity) including names with social security numbers, driver’s license numbers, addresses, phone numbers, family members.

· Customer Confidential (Conf) – any data retained by the organization that has been labeled as confidential – i.e. limited in its access, distribution and use. Examples include executive meeting records; marketing and strategic plans not yet released; details of communications with and services provided to select client organizations; and company IT and InfoSec program details.

· Student Records (FERPA) – any data retained by the organization that contains academic information regarding an individual including names with student numbers, social security numbers, courses taken, grades assigned, academic integrity/misconduct issues, financial aid and/or other PII.

For our purposes, ePHI and FERPA are considered specialized versions of PII. If a data asset has no academic or medical content, just classify it as PII. If a component group contains multiple different classified data assets, list all that it contains.

RTO Tiers Options:

“Recovery time objective (RTO) is the maximum desired length of time allowed between an unexpected failure or disaster and the resumption of normal operations and service levels. The RTO defines the point in time after a failure or disaster at which the consequences of the interruption become unacceptable.” (Clearwater IRM Help Menu).

Tier 0 = 30 minutes

Tier 1 = 1 hour

Tier 2 = 8 hours

Tier 3= 24 hours

Tier 4= 2 days

Tier 5= 1 week

RPO Tiers Options:

“A recovery point objective (RPO) is the maximum acceptable amount of data loss measured in time. It is the age of the files or data in backup storage required to resume normal operations if a computer system or network failure occurs.” (Clearwater IRM Help Menu).

Tier 0 = No data loss

Tier 1 = 4 hour data loss

Tier 2 = 8 hour data loss

Tier 3= 1 day data loss

Tier 4= 2 days data loss

Tier 5= 1 week data loss

A few assets have been added to the table to help you get started. You will need to identify the rest on your own. Add rows as needed.

Table 1: Listing of Information Assets for Case Organization

Asset	Component/ Media	Data Owner	Type of Sensitive Data	RTO	RPO
1) AD Service	Desktop Server A SaaS	CIO
2) AD SQL DB	Desktop Server A NAS1 SaaS	CIO
3) DNS Service	Desktop Server A SaaS	CIO
4) DNS SQL DB	Desktop Server A NAS1 SaaS	CIO
5) Exchange email app.
6) Email DB
7) NAS1 App.
8) NAS1 Data
9) NAS2 App.
10) NAS2 Data
11)
12)
13)
14)
15)
16)
17)
18)
19)
20)
21)
22)
23)
24)
25)
26)
27)
28)
29)
30)
31)
32)
33)
Collepals.com Plagiarism Free Papers Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers. Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS Why Hire Collepals.com writers to do your paper? Quality- We are experienced and have access to ample research materials. We write plagiarism Free Content Confidential- We never share or sell your personal information to third parties. Support-Chat with us today! We are always waiting to answer all your questions. What are the professional requirements for internationally educated nurses (IENs) migrating to the United States? What positions do IENs play in the United States? What challenges d Organization of information security (roles and responsibilities)? 1. This section defines the roles and responsibilities of individuals within the organization related to information s Related Posts Information Systems Write a research paper addressing the following. Review Risk and Compliance: 3.20 SUPPLY CHAIN RISK MANAGEMENT in NIST SP800-53r5 along with ?Kraus, A. (2022 Information Systems Find and share the links to three job postings for a Project Manager either in your area or in a remote setting. What are the similarities Information Systems Complete a research paper on operations from the perspective of risk management. Discuss the importance of Operational Controls and identify other signific All Rights Reserved Terms and Conditions College pals.com Privacy Policy 2010-2018