Data Classification 52 Data stored or transferred by information resource

Data classification 52 data stored or transferred by

This preview shows page 120 - 124 out of 135 pages.

Data Classification (5.2) Data stored or transferred by information resource assets owned by the State Government shall be classified according to the definition of “Personal Information” or “Confidential Records” as specified by applicable State and/or Federal law and regulations to indicate the need, priorities and degree of protection it will receive. At a minimum data shall be classified as public or confidential. Refer to the State Government Data Classification Standards in Section 6.12. Public Data Classification Control (5.2.1) Data classified as public shall be protected from unauthorized modification or destruction. Refer to the State Government Data Classification Standards in Section 6.12. Confidential Data Classification Control (5.2.2) Data classified as confidential shall be protected from unauthorized disclosure, use, modification or destruction. Refer to the State Government Data Classification Standards in Section 6.12. RESPONSIBILITIES: Office of Information Resources OIR is responsible for the development and maintenance of the statewide information resources asset classification requirements. OIR shall identify asset custodians for the information resources under their direct control. OIR asset custodians shall classify the assets under their control at the time the assets are assigned or created. Asset classification and maintenance can be delegated to an asset steward supervised by the asset custodian. For Public Release
Image of page 120
RFP-427.04-107-08 Agency Agencies are responsible for identifying asset custodians for the resources under their direct control. Agency asset custodians shall classify the assets under their direct control at the time the assets are assigned or created. Asset classification and maintenance can be delegated to an asset steward supervised by the asset custodian. Users Users shall responsibly work with the assets they are assigned and due care shall be taken to protect any mobile computing asset from theft or destruction. Users shall not provide access to information resource assets without obtaining authorization from the asset custodian. For Public Release
Image of page 121
RFP-427.04-107-08 6. PERSONNEL SECURITY POLICY Personnel Background Investigation (6.1) Current Gap Acceptable Use Policy (6.2) Refer to Attachment 6.10 – State Government Acceptable Use Policy
Image of page 122
RFP-427.04-107-08 7. PHYSICAL AND ENVIRONMENTAL SECURITY POLICY Physical access to the State Government’s information resource assets and infrastructure will be restricted to individuals who require that access to perform their job function. OBJECTIVES: To prevent unauthorized access, damage or interference to State Government premises and information. To prevent loss, damage or compromise of processing equipment or network components.
Image of page 123
Image of page 124

You've reached the end of your free preview.

Want to read all 135 pages?

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture