Personal association if the data contains personal

Info icon This preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Personal Association – If the data contains personal information it should remain classified Distribution may be required in the event of the following : n Court Order – may be required by court order
Image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
n Government Contracts – government contractors may need to disclose classified information n Senior Level Approval – senior executives may approve release Information Classification Roles Owner n May be executive or manager n Owner has final corporate responsibility of the data protection n Makes determination of classification level n Reviews classification level regularly for appropriateness n Delegates responsibility of data protection to the Custodian Custodian n Generally IT systems personnel n Running regular backups and testing recovery n Performs restoration when required n Maintains records in accordance with the classification policy User n Anyone the routinely uses the data n Must follow operating procedures n Must take due care to protect n Must use computing resources of the company for company purposes only Policies Standards, Guidelines and Procedures n Policies are the highest level of documentation n Standards, Guidelines and Procedures derived from policies n Should be created first, but are no more important than the rest Senior Management Statement – general high-level statement n Acknowledgment of importance of computing resources n Statement of Support for information security n Commitment to authorize lower level Standards, Guidelines and Procedures Regulatory Policies – company is required to implement due to legal or regulatory requirements n Usually very detailed and specific to the industry of the organization n Two main purposes n To ensure the company is following industry standard procedures n To give the company confidence they are following industry standard procedures Advisory Polices – not mandated but strongly suggested. n Company wants employees to consider these mandatory. n Advisory Policies can have exclusions for certain employees or job functions Informative Policies n Exist simply to inform the reader n No implied or specified requirements Standards, Guidelines and Procedures n Contain actual detail of the policy n How the policies should be implemented n Should be kept separate from one another n Different Audiences n Security Controls are different for each policy type n Updating the policy is more manageable
Image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern