{[ promptMessage ]}

Bookmark it

{[ promptMessage ]}

Module One

Useful life if the information is made obsolete it

Info iconThis preview shows pages 1–3. Sign up to view the full content.

View Full Document Right Arrow Icon
Useful Life – If the information is made obsolete it can often be de-classified n Personal Association – If the data contains personal information it should remain classified Distribution may be required in the event of the following : n Court Order – may be required by court order
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
n Government Contracts – government contractors may need to disclose classified information n Senior Level Approval – senior executives may approve release Information Classification Roles Owner n May be executive or manager n Owner has final corporate responsibility of the data protection n Makes determination of classification level n Reviews classification level regularly for appropriateness n Delegates responsibility of data protection to the Custodian Custodian n Generally IT systems personnel n Running regular backups and testing recovery n Performs restoration when required n Maintains records in accordance with the classification policy User n Anyone the routinely uses the data n Must follow operating procedures n Must take due care to protect n Must use computing resources of the company for company purposes only Policies Standards, Guidelines and Procedures n Policies are the highest level of documentation n Standards, Guidelines and Procedures derived from policies n Should be created first, but are no more important than the rest Senior Management Statement – general high-level statement n Acknowledgment of importance of computing resources n Statement of Support for information security n Commitment to authorize lower level Standards, Guidelines and Procedures Regulatory Policies – company is required to implement due to legal or regulatory requirements n Usually very detailed and specific to the industry of the organization n Two main purposes n To ensure the company is following industry standard procedures n To give the company confidence they are following industry standard procedures Advisory Polices – not mandated but strongly suggested. n Company wants employees to consider these mandatory. n Advisory Policies can have exclusions for certain employees or job functions Informative Policies n Exist simply to inform the reader n No implied or specified requirements Standards, Guidelines and Procedures n Contain actual detail of the policy n How the policies should be implemented n Should be kept separate from one another n Different Audiences n Security Controls are different for each policy type n Updating the policy is more manageable
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

Page1 / 5

Useful Life If the information is made obsolete it can...

This preview shows document pages 1 - 3. Sign up to view the full document.

View Full Document Right Arrow Icon bookmark
Ask a homework question - tutors are online