Antony Kungu - Csol550 Final Project - Information System Security Plan
Antony Kungu
CSOL 550
_______________________
The purpose of this security plan is to provide an overview of the security of the payroll
system and to describe the controls and critical elements in place or planned for, based
on NIST Special Publication (SP) 800-53 Rev. 3, Recommended Security Controls for
Federal Information Systems. Each applicable security control has been identified as
either in place or planned. This ISSP follows guidance contained in NIST Special
Publication (SP) 800-18 Rev. 1, Guide for Developing Security Plans for Federal
Information Systems, February 2006.
This Information System Security Plan (ISSP) provides an overview of the security
requirements for the Payroll system and describes the controls in place or planned for
implementation to provide a level of security appropriate for the information processed as
of the date indicated in the approval page.
Note: This ISSP is a living document that will be updated periodically to incorporate new
and/or modified security controls. The plan will be revised as changes occur to the
system, the data or the technical environment in which the system operates.
The following table shows the information that is or will be processed by the payroll
system according to FIPS 199 categorization.
The table below shows the highest level of information processed by the Payroll
system.
FIPS 199 Guide for Developing Information Security Plans for Federal
Information Systems POTENTIAL IMPACT
The information system owner is a Prime-Time Security official responsible for the
procurement, development, integration, modification, operation, maintenance, and
disposal of an information system. In coordination with the information system security
officer, the information system owner is responsible for the development and
maintenance of the security plan and ensures that the system is deployed and operated in
accordance with the agreed-upon security controls.
Date 07/01/2018
4. Authorizing Official:
Authorizing Official’s Name Paul Wellstone
Title CIO
Organization/Division IT
Address Minneapolis, MN
Email Paul_wellstone@primetimesecurity.com
Phone #1 +1-52-369-2634
Phone #2
Signature
Date 07/01/2018
Name Kirkland Benson
Title CISO
Organization/Division Cyber Defense
Address Minneapolis, MN
Email Kirkland_benson@primetimesecurity.com
Phone #1 +1952-369-2458
Phone #2
Signature
Date 07/01/2018
The table below indicates whether the system is a major application or a general support
system.
The payroll system is used for balancing and reconciling payroll data and depositing and
reporting taxes. The payroll department takes care of wage deductions, record keeping
and verifying the reliability of pay data. A payroll system calculates the amount you owe
your employees based on factors such as the time they worked, their hourly wages or
salaries, and whether they took vacation or holiday time during the pay period. The
system adjusts gross pay by calculating and subtracting taxes and other withholding
amounts.
The diagram below shows the minimum security control baseline (low-, moderate-,
high-impact) from NIST SP 800-53.
Due care is the degree of care that an ordinary and reasonable person would normally
exercise over his or her own property or under circumstances like those at issue. The
concept of due care is used as a test of liability for negligence.