...District Office, Information Security Public Page 1 of 3 Data Classification Standards Purpose: To protect the confidentiality, integrity, and availability of Pima Community College data – pursuant to Data Trusteeship (SPG-5702/AB) and Security of the Information Technology Infrastructure (SPG-5702/AC) – through the identification of information that requires protection. Audience: All members of the Pima Community College community, including faculty, staff, and students. Sponsoring Unit: Vice Chancellor of IT, 2008. I. Definitions A. Responsible parties Data Trustees: Per SPG-5702/AB: “The accuracy and completeness of the data within the Enterprise Resource Planning systems are the responsibility of functional units of the College. All student information and grants systems data are assigned to the Office of the Provost. All finance data and payroll modules are assigned to the Office of the Executive Vice Chancellor of Administration. All human resources data, except payroll, are assigned to the Vice Chancellor of Human Resources. Data Stewards: Deans, vice chancellors, assistant vice chancellors, directors, managers or others as identified by the data trustees to manage a subset of data. Data Processor: Any individuals who have been authorized by a data steward to create, remove, or modify data. B. College data types The assessment criteria for the following classifications were derived from the National Institute of Standards and...
Words: 1075 - Pages: 5
...Data Classification Standard is a guideline of how a business or organization should handle as well as secure their different array of data. With this particular report it will describe the “Internal Use Only” data of an Investment firm. Internal use only should tell you that this is information that is seen by employees of a company and no one else. There are 3 domains that could be under this umbrella of internal use only these would be the User Domain, Workstation Domain and the LAN domain. First we have the User Domain which defines the employees that will access the company’s information systems. This particular domain is the weakest link in the domain infrastructure due the users on this system that don’t think about the vulnerabilities and threats which include lack of user awareness, apathy towards policies, policy violations, downloads of personal or files that could malicious. Each of these risks is presented on an everyday basis that could compromise a company’s internal data. Secondly, you have the workstation domain, which is the domain where most of the users connect to the organizations infrastructure. This domain should require very tight security as well as access rights. Meaning, each user on the domain should only have the right to access what they need to be able to do their job productively and no more. This will have an impact in lowering the chance of breach in security. Some threats with this domain include; Unauthorized access to workstations...
Words: 417 - Pages: 2
...[pic] Data Classification Policy Disclaimer of warranty—THE INFORMATION CONTAINED HEREIN IS PROVIDED "AS IS." HAWAII HEALTH INFORMATION CORPORATION (“HHIC”) AND THE WORKGROUP FOR ELECTRONIC DATA INTERCHANGE (“WEDI”) MAKES NO EXPRESS OR IMPLIED WARRANTIES RELATING TO ITS ACCURACY OR COMPLETENESS. WEDI AND HHIC SPECIFICALLY DISCLAIM ALL WARRANTIES, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL HHIC OR THE HIPAA READINESS COLLABORATIVE (“HRC”) BE LIABLE FOR DAMAGES, INCLUDING, BUT NOT LIMITED TO, ACTUAL, SPECIAL, INCIDENTAL, DIRECT, INDIRECT, PUNITIVE, EXEMPLARY OR CONSEQUENTIAL, COSTS OR EXPENSES (INCLUDING ATTORNEY'S FEES WHETHER SUIT IS INSTITUTED OR NOT) ARISING OUT OF THE USE OR INTERPRETATION OF HRC POLICIES OR THE INFORMATION OR MATERIALS CONTAINED HEREIN. This document may be freely redistributed in its entirety provided that this notice is not removed. It may not be sold for profit or used in commercial documents without the written permission of HHIC. While all information in this document is believed to be correct at the time of writing, this document is for educational purposes only and does not purport to provide legal advice. If you require legal advice, you should consult with an attorney. The information provided here is for reference use only and does not constitute the rendering of legal, financial, or other professional advice or recommendations...
Words: 1047 - Pages: 5
...Data Mining Algorithms for Classification BSc Thesis Artificial Intelligence Author: Patrick Ozer Radboud University Nijmegen January 2008 Supervisor: Dr. I.G. Sprinkhuizen-Kuyper Radboud University Nijmegen Abstract Data Mining is a technique used in various domains to give meaning to the available data. In classification tree modeling the data is classified to make predictions about new data. Using old data to predict new data has the danger of being too fitted on the old data. But that problem can be solved by pruning methods which degeneralizes the modeled tree. This paper describes the use of classification trees and shows two methods of pruning them. An experiment has been set up using different kinds of classification tree algorithms with different pruning methods to test the performance of the algorithms and pruning methods. This paper also analyzes data set properties to find relations between them and the classification algorithms and pruning methods. 2 1 Introduction The last few years Data Mining has become more and more popular. Together with the information age, the digital revolution made it necessary to use some heuristics to be able to analyze the large amount of data that has become available. Data Mining has especially become popular in the fields of forensic science, fraud analysis and healthcare, for it reduces costs in time and money. One of the definitions of Data Mining is; “Data Mining is a process that consists of applying data analysis and discovery...
Words: 5455 - Pages: 22
...Impact of Data Classification Standard and Internal Use Only Data classification standard provides the means of how the business should handle and secure different types of data. Through security controls different data types can be protected. All these security controls should apply to each of every IT infrastructure in which it will state how the procedures and guidelines will guarantee the organization’s infrastructures security. This report will identify the definition of “Internal Use Only” data classification standard of Richman Investments. Internal Use Only includes information that requires protection from unauthorized use, disclosure, modification, and or destruction pertaining to a particular organization. This report will tackle 3 IT infrastructure including workstation domain, LAN-Wan Domain, and Remote Access Domain. Internal Use Only data includes data related to business operations, finances, legal matters, audits, or activities of a sensitive nature, data related to stake holders, information security data including passwords, and other data associated with security related incidents occurring at the business company, internal WCMC data, the distribution of which is limited by intention of the author owner or administrator. For the Workstation Domain, the impact of data classification standard internal use only can possibly applied when a user violates AUP and generates security hazard for the establishment’s IT infrastructure. In order to prevent something...
Words: 596 - Pages: 3
...Carlos L. Valverde NT2580 Unit1/Assignment 2 03/25/13 Impact of a Data Classification Standard “Internal Use Only” This is my brief report on the IT infrastructure domain. I will be describing the “internal use only “data classification standards set by Richman Investments. The user domain is the first layer of the IT infrastructure I will discuss that is affected by the “internal use only” standard. It is the first layer and what some believe to be the weakest in the infrastructure. The user domain is where personal information is created and obtained for internal use only. Each person will have set permissions on what they can and cannot do. This way no one person can mess up or delete anything that doesn’t need to be (Jones and Bartlett Learning). The work station domain is the second layer of the infrastructure that I will discuss. This is also affected by the “internal use only” standard. This layer is where the user can access the network and any applications or information on the system. This requires a user to login with a password or authentication of some kind. This has to be done before this person can get to this information. This will help keep people out that aren’t supposed to be accessing the information (Jones and Bartlett Learning). The LAN to WAN domain is the third layer of the infrastructure I will discuss. I feel this is also affected by the “internal use only” standard. The TCP ...
Words: 340 - Pages: 2
...Test 2 Notes (Ch. 5,6,7,10) Ch. 5 consciousness- an individuals awareness of external events and internal sensations under a condition of arousal meta cognition- thinking about thinking. The 5 levels of consciousness: Higher-level- highly focused; selective attention Lower-level- automatic processes; little attention, daydreaming Altered States- trauma, drugs, fear, fatigue, meditation, prayer biorhythms- are periodic physiological fluctuations in the body. Circadian rhythms- daily behavioral or physiological cycles (exs: sleep/wake, body temp, blood sugar, and blood pressure). Why we need sleep: For physical restoration, adaptation, growth, and memory. What it does for us: Sleep rests the body and mind. The effects of chronic sleep deprivation: Have trouble paying attention to tasks and solving problems, decreases brain activity. The 5 stages of sleep: Stage 1: drowsy sleep; myoclanic jerk; (theta waves) Stage 2: Muscle activity decreases Stage 3 & 4: delta waves; deep sleep Stage 5: (REM) dreaming occurs (Rapid Eye Movement) Major sleep disorders: insomnia- inability to sleep Nightmares- occur during REM Night Terrors- occur in kids, during stage 4 Narcolepsy- sudden urge to sleep Sleep Apnea- stop breathing during sleep Psychoactive drugs- act on the nervous system to alter states of consciousness, modify perceptions and change moods. Tolerance- the need to take increasing amounts of a drug to get the same effect physical dependence- the physiological...
Words: 1550 - Pages: 7
...Data Classification Policy I. PURPOSE The purpose of this data classification policy is to provide a system for protecting information that is critical to the organization. All workers who may come into contact with confidential information are expected to familiarize themselves with this data classification policy and to consistently use it. II. POLICY The organizations data classification system has been designed to support the need to know so that information will be protected from unauthorized disclosure, use, modification, and deletion. Consistent use of this data classification system will facilitate business activities and help keep the costs for information security to a minimum. Without the consistent use of this data classification system, Company X unduly risks loss of customer relationships, loss of public confidence, internal operational disruption, excessive costs, and competitive disadvantage. Applicable Information: This data classification policy is applicable to all information in the Company X s possession. For example, medical records on patients, confidential information from suppliers, business partners and others must be protected with this data classification policy. No distinctions between the word data , information , knowledge, and wisdom are made for purposes of this policy. Consistent Protection: Information must be consistently protected throughout its life cycle, from its origination to its destruction. Information must...
Words: 540 - Pages: 3
...RICHMAN INVESTMENTS DATA CLASSIFICATION STANDARD The main priority of Richman investment is to keep the financial investments and consulting of our clients confidential. To maintain complete security of their information, new guidelines will be implemented to the User Domain, Workstation Domain, and the System Application Domain. To help mitigate threats in the User Domain all employees will attend annual training on basic computer security. Annual training will keep employees updated on recent virus threats and refresh employees on safety protocols they can practice to keep the company network secure. Also access to social network, social media, and indecent web sites will be blocked. By implementing these safeguards it will help stop computer viruses from infiltrating the infrastructure and obtaining access to client’s personal information and it also prevents employees from discussing personal information over social network sites. Lastly employees will have a personal ID and password and all activities on company computers will be monitored and tracked. Monitoring and tracking activities on the network will help identify what information employees are accessing and transferring. Employees will be issued a security level and will only be able to access information in the Workstation Domain that corresponds with their security level clearance. Issuing security levels will stop...
Words: 403 - Pages: 2
...There are three domains that are affected by an “Internal Use Only” data classification standard. The three domains most affected by the classification are the: User domain, Workstation domain, and LAN domain. The User Domain: * Is made up of the people who can access the information system. With an AUP (Acceptable Use Policy) for this domain, any third party that requires access to the network must sign an AUP and a confidentiality agreement. This domain is considered one of the weakest and the most affected for a few reasons. 1st is the lack of user awareness to correct this you should conduct security training with all personal. 2nd if you have obvious security violations after that training then you need to place the employees on probation and review the AUP. 3rd when users are downloading various different files that do not conform to the established security guidelines then enabling content filtering and automatic antivirus scans would be wise. The Workstation Domain: * Is made up of the devices that employees use to connect to the IT infrastructure. Availability for this domain is necessary so that all employees can easily access any tools needed to perform their work duties. This domain requires strong security and controls because this is where users first access the system. It is also where sizeable damage to system can occur. Here are some problems the can happen with some corrective solutions. If you can have unauthorized user access situation;...
Words: 441 - Pages: 2
...Impact of Data Classification Standards The three IT infrastructures that will be used is the Workstation Domain, LAN Domain, and the User Domain. The workstation domain is going to help with security because only approved employees or personal will be able to access the entire company’s network. While certain employees will only have access to information that they absolutely need to be productive. Keeping the workstation domain well managed will prevent a lot of security issues since we know who is or isn’t on the network. The LAN Domain is how we will manage all of our connected computers to each other that have access to all the same materials. Once again there will be certain employees that will have more access than others to certain parts of the domain and its physical and data components. This particular domain needs a strong security control because unauthorized access to this domain would be hazards to the company because so much valuable information is stored on it. The User Domain is a simple domain that will control who may or may not access the information on the systems. It is not the highest secured domain but holds all people who use it accountable for their use because they will have to know and understand the basic use policies set in place. Also only certain users will have different access to certain things so all users will be responsible for the information they save and process on their work stations or at the computers that they are...
Words: 256 - Pages: 2
...Internal use only data classification would include the User domain, the workstation domain, and the LAN domain. These domains are the basic IT infrastructure domains, and they will cover all the users and workstations in the company. The Internal use only classification will cover info such as telephone directory, internal policy manuals, and new employee training material. The user domain is where only one user will have access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can access from the outside, only the IT Department can grant access privilege for Remote Access Point. The User Domain will enforce an acceptable use policy to define what each user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the security of the environment. The Workstation Domain, the impact of data classification standard internal use only can possibly applied when a user violates AUP and generates security hazard for the establishment’s IT infrastructure. In order to prevent something like this from happening, the Richman Investments can hire a professional to train all employees for a security awareness campaign and programs throughout the year The LAN domain includes all data closets and physical as well as logical elements of the LAN. This domain needs strong security, being that it is the entry and exit points to...
Words: 300 - Pages: 2
...The following is a policy defining how data will be classified and how users will be able to access that data. New user accounts can be setup within Active Directory New Users and Computers (Create a new user account, 2005, January 21). This will allow the Administrator to create a User name and a unique password for that user. Once this is done, the user can then be placed in a group (Create a new group, 2005, January 21). This group will depend on what role the user will be fulfilling; for example if the user will be in the accounting department, they will be placed in the accounting group. Once the User has been specified into a group, then permissions can be applied for that group. For example, the accounting department may have two different groups – Users and Managers. Any file that has to deal with accounting can then have their permissions modified depending on the role of the user. This will also allow the administrator to setup the data classification of least privilege. To fulfill their job Managers will need to the option to read and write files, and to create new folders. This allows the manager to complete their job without having too much access. The User group will only need access to List Folder/Read data (Stanek, W. n.d.). This allows the user to read the information within the file but does not allow them to change any information within the folder. Lastly, any changes that are made within the system need to be documented for reference. Documentation of these...
Words: 526 - Pages: 3
...Impact of a Data Classification Standard Sir: The following IT infrastructure domains that are being affected by the “Internal Use Only” data classification are: the user domain, the workstation domain, the LAN to WAN domain, and the remote access domain. Each of these has their own sets of problems. I will describe each problem for each domain and make a recommendation on how to rectify the situation. The user domain is where the access rights for each employee starts. I observed that many of the employees were not following the company’s policies of securing data. When questioned several of the employees stated that they were not aware of the policies. I would recommend that there is a semiannually security awareness training conducted for all employees. I also noted that there were quite a few individuals using personal USB drives with personal photos, music, and documents on them. I would recommend that each time an employee plugs in a personal device to a computer that an automatic scan occur with no way for the employee to stop the scan. The workstation domain is the second domain that I observed data compromising occurring. In my observations I noticed that many of the employees do not log off or lock their computer screens when they are away from their computer thereby making it easy for anyone to walk by and have access to the information they are authorized to use. I have several recommendations for this. One is to post a memo reminding employees...
Words: 496 - Pages: 2
...8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework NT2580 Unit 7 Policy Definition and Data Classification Standard Home ITT Tech NT NT 2580 NT2580 Unit 7 Policy Definition and Data Classification Standard You have successfully unlocked this document. You have 24 more unlocks available. Was this document helpful? Yes Download Document https://www.coursehero.com/file/11610135/NT2580Unit7PolicyDefinitionandDataClassificationStandard/?timestamp=20150801105100 1/6 8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework Share and earn access CorporalStarViper9176 ITT Tech Follow 3 1787 302 https://www.coursehero.com/file/11610135/NT2580Unit7PolicyDefinitionandDataClassificationStandard/?timestamp=20150801105100 2/6 8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework VIEWS UNLOCKS 0 1 HELPFUL UNHELPFUL 0 0 About this Document SCHOOL ITT Tech COURSE NT 2580, Summer 2014 COURSE TITLE Introduction to Information Security PROFESSOR MR J TYPE Homework PAGES 1 WORD COUNT 206 Is this correct? Flag Get Help in NT 2580 https://www.coursehero.com/file/11610135/NT2580Unit7PolicyDefinitionandDataClassificationStandard/?timestamp=20150801105100 ...
Words: 487 - Pages: 2