Question
As the security architect for a federally funded research and development center for the United States, the systems you manage have FISMA compliance requirements if data that touches the system is government-related. Let's assume a new research project was granted around machine learning specific to a government application. The data is sourced from government entities, thus let's say it is subject to FISMA (whether or not this hypothetical example would actually be classified as such). The data has been labeled haphazardly and the information classification has never fully been established. As the saying goes, "Garbage in, garbage out" (George Fuechsel), in terms of information management. Your assignment is to determine an information management scheme to enable labeling for information sensitivity level classification and record retention. Fill in the missing boxes in each table, which may include adding information to partially filled in boxes as well. Refine tables through group discussions.
Although it would be interesting to include machine learning in the latter part of this activity, information labeling practices are evolving. For instance, semantic segmentation is in use for image labeling and is quite precise to the pixel level. The application of labels to information sets may use different techniques than information labeling for information management sensitivity and record retention in practice.
Classification Levels:

| Level | Description | Controls |
| --- | --- | --- |
| Public | Data suitable for external distribution and consumption | Integrity protection: although data may be available publicly, providing an assurance on the trustworthiness of data is important to the organization. |
| Unclassified/Internal Use | | |
| Internal Use/Sensitive/Need-to-know | Business restricted or personal information that requires protection to ensure need-to-know requirement is met. | |
| Secret | Information classified as secret, requiring need-to-know access and a secret clearance. | System segregation must be maintained on systems classified as secret. Guards on systems protect data labeled as secret from moving to systems classified at a lower level. Encryption may be used to further protect data and ensure need-to-know. |
| Top Secret | Compartmentalized information that requires top-secret clearance and need-to-know access. This information has higher access requirements than classified data and may be an onion skin of a secret project that not all participants can be made aware. | |

Record Retention:

| Data Type | Retention Period and requirements | Controls (may vary from sensitivity level requirements; follow strictest) |
| --- | --- | --- |
| Contracts | years; Based on creation date; Preserve, review, and delete | |
| Financial data | years; Based on | |
| Personal Information | Depends on applicable regulations (list for state in US you live, plus GDPR) | Encryption/tokenization on highly sensitive data elements |
| Legal Hold | | |

Machine Learning:

| Data | Types of annotations |
| --- | --- |
| News article | Article topic; Region |
| Scholarly article | Type of article; Specific discipline; Funded research; Journal/peer review |
| Image | Per pixel annotations (Semantic Segmentation); Per image annotations |
| Document | For your organization: Research/Business; Business Unit; Funded by |
| Database records | |

For the types of information classification labels, let's assume you have a system that creates a hash of the data to be labeled in order to create an index to associate information management tags. As the architect, how might the use of hashes aid in your ability to manage information and the associated labels? Are there other alternatives to hashes that may be better to index data?
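
The hash-indexed labeling system described in the question can be sketched as follows. This is an added example, not part of the original assignment; the `LabelIndex` class, the shortened level names, and the sample records are assumptions made for illustration.

```python
import hashlib

# Shortened names for the page's five sensitivity levels, lowest to highest.
LEVELS = ["Public", "Internal Use", "Sensitive", "Secret", "Top Secret"]


def content_key(data: bytes) -> str:
    """Index key: SHA-256 digest of the exact bytes being labeled."""
    return hashlib.sha256(data).hexdigest()


class LabelIndex:
    """Hypothetical in-memory store mapping content hash -> management tags."""

    def __init__(self):
        self._tags = {}

    def label(self, data: bytes, level: str, retention: str) -> str:
        if level not in LEVELS:
            raise ValueError(f"unknown sensitivity level: {level}")
        key = content_key(data)
        current = self._tags.get(key)
        # Identical bytes labeled twice: keep the stricter sensitivity level.
        if current and LEVELS.index(current["level"]) >= LEVELS.index(level):
            return key
        self._tags[key] = {"level": level, "retention": retention}
        return key

    def lookup(self, data: bytes):
        """Return tags for these exact bytes, or None if never labeled."""
        return self._tags.get(content_key(data))


# Constructed sample records, not real data.
index = LabelIndex()
original = b"sensor_id,reading\n17,0.42\n"
copy_elsewhere = bytes(original)      # same bytes stored in another location
edited = original + b"18,0.57\n"      # one appended row

index.label(original, "Sensitive", "contract")
index.label(copy_elsewhere, "Internal Use", "contract")  # weaker label ignored

if __name__ == "__main__":
    print(index.lookup(copy_elsewhere))  # duplicate resolves to the same tags
    print(index.lookup(edited))          # changed bytes: no tags found
```

Every byte-identical copy resolves to the same tags wherever it is stored, but any change to the data produces a new key with no tags attached, which is the trade-off to weigh against other indexing schemes.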