Data Classification Plan

Submitted By thomas2004
Words 540
Pages 3
Data Classification Policy

I. PURPOSE

The purpose of this data classification policy is to provide a system for protecting information that is critical to the organization. All workers who may come into contact with confidential information are expected to familiarize themselves with this data classification policy and to consistently use it.

II. POLICY

The organization's data classification system has been designed to support the need-to-know principle so that information will be protected from unauthorized disclosure, use, modification, and deletion. Consistent use of this data classification system will facilitate business activities and help keep the costs for information security to a minimum. Without the consistent use of this data classification system, Company X unduly risks loss of customer relationships, loss of public confidence, internal operational disruption, excessive costs, and competitive disadvantage.

Applicable Information: This data classification policy is applicable to all information in Company X's possession. For example, medical records on patients and confidential information from suppliers, business partners, and others must be protected in accordance with this data classification policy. No distinctions between the words "data", "information", "knowledge", and "wisdom" are made for purposes of this policy.

Consistent Protection: Information must be consistently protected throughout its life cycle, from its origination to its destruction. Information must be protected in a manner commensurate with its sensitivity, regardless of where it resides, what form it takes, what technology was used to handle it, or what purpose(s) it serves. Although this policy provides overall guidance, to achieve consistent information protection, workers will be expected to apply and extend these concepts to fit the needs of day-to-day operations.
