For external requirements, penalties are imposed by state authorities and can range from minuscule amounts to very serious consequences. (2019 Intuit Inc.) Lastly, COBIT and NIST areframeworks to assist with governance and overall micro regulating. COBIT aids by connecting the separation amongst business risks and problems through good practices, behaviors, and policy development. COBIT's success as an increasingly internationally accepted set of guidance materials for IT governance has resulted in the creation of a growing family of publications and products designed to assist in the implementation of effective IT governance throughout an enterprise.(2019 ISACA) NIST is the National Institute of Standards and Technology and it focuses on advancing and maintaining standards of measure. Its primary purpose to incorporate advancement of development and standards to improve overall security and quality within organizations. II.Analyzing Business to Determine RiskData SchemeData Classification Schema is important in assisting a company to properly organize, secure, control, and disperse public and private conversation. Information is divided into predefined groups that share a common risk, and the corresponding security controls required to secure each group type are identified. (Sirius Computer Solutions, Inc.) Schema allows for sensitive information and data to be free or minimized of risks, it helps to make appropriate decisions and allows for effectiveness of solutions and operations8
Confidential Company Data/Information (Confidential)Confidentiality is the protection of personal information. (State of New South Wales, Department of Education and Training, 2009) In relation, to the successful operations of this company, this particular data pertaining to the well-being of the customer, shareholders, or third party administrator that the company does business and/or transactions with has to, by JP Morgan Chase & Co. standards, has to remain private, confidential, and concealed. The level of sensitivity related to this data is high. Exposure, mishandling, redistribution of this information could negatively affect and compromise the reputation and operations of JP Morgan Chase. This company has crucial duty to protect this information and prevent it from being accessed and obtained by unauthorized internal personnel, external personnel, or any persons with no permission or granted access. Examples of confidential info within the company are: Employee reviews, private assessments or reports, service records and file progress notes, individual personal plans or goal setting metrics, incoming or outgoing correspondence, details of funding agreements or confidentiality agreement, company strategic planning information, vendor and third-party contracts, etc.