StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Asset Classification Policies and Procedures - Essay Example

Cite this document
Summary
In this section, the manual will deal with appropriate categorization of company assets. It will deal with the management and classification of assets with regard to their impact on the information security policies and procedures…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.9% of users find it useful
Asset Classification Policies and Procedures
Read Text Preview

Extract of sample "Asset Classification Policies and Procedures"

Asset ification Policies and Procedures In this section, the manual will deal with appropriate categorization of company assets. It will deal with the management and classification of assets with regard to their impact on the information security policies and procedures. A Information Classification/Sensitivity Levels Rubric Company classifies its information in three different levels, namely public data, sensitive data and confidential data. The objective of classifying information into three different levels is to ensure that information may not be misused or mishandled by the employees in the firm. It allows employees to deal with information in the required manner and to prevent confidential information to be redirected to people outside of the organization without proper written authorization. This includes protecting the information from being channeled to the wrong parties through any means including electronic devices such as videos, telephones, computers etc. For information to be handled properly, employees are required to have a working knowledge of the categorization of information into the three provided categories. Employees should be able to categorize the information before forwarding it further. If at some point, employees are confused about properly categorizing the information, the proper course of action is to classify it as confidential while an appropriate supervisor would later review and properly classify. Information classification is as follows: Public Data- As the name suggests, such data is usually open to the public and is easily available. Disclosure of such data does not put the firm in any kind of risk; however certain controls are required to be enforced on such data to prevent modification or destruction of the data by unauthorized parties; Sensitive Data- Data is classified as sensitive data when disclosures of such information publically can result in potential risk for the organization or its people. Such information may be provided to others on a discretionary basis and under the supervision of the data owner. Confidential Data – Confidential data is the most sensitive data within the organization and unauthorized disclosure of such information can result in significant risk for the firm. The highest level of security and control are applied on such information (Michigan Technology University, n.d). A. System Impact Levels The System Impact level will determine the impact of activities on the system on a scale of one to five with five being the most crucial impact and one having the least crucial impact. Since Rubric Company is an advertising agency, system directly impacting the clients will fall under the rating of five. This rating of five will also extend to all relatable critical components and their sub systems (Carnegie Mellon, 2011). Advertising agencies such as Rubric Company are bound by the Federal Trade Commission act, and thus they are required to protect the confidential information trusted upon them by their clients. Such information will be classified under level 3 of the system impact level. On the other hand, human resource system will be classified under level 1 of the system impact level. B. Information Systems Inventory and Criticality Ratings In order to determine the impact of system on Rubric Company, it is important to evaluate information systems inventory and criticality ratings. The system impact levels are based on a rating of 10 point scale; one being assigned to system falling under low criticality while 10 being assigned to the most critical activities. Furthermore, the systems are also further classified under tiers according to their importance for the firm; with Tier 1 being the most critical systems and Tier 4 as the least critical. Rubric Company classified two systems under Tier 1. It classifies the email system under Tier 1 which is responsible for managing and monitoring communication of information within and outside the organization. Clients accept artworks and send instructions via email to the client representative which is subsequently forwarded it to the designer. Properly managing the information is critically for the smooth running of the agency; therefore this system has been placed on level five of the system impact level rating. Another Tier 1 activity is the Demdex data management system that the agency uses to manage its data and keep client and employees informed. This system ensures that work flow remains smooth and thus has been classified as level 5. The Tier 1 system activities are the basis of the agency’s success and without their smooth operation, the agency would be greatly hampered. Tier 2 activities are critical for the organization and are a necessary part of the institution. These include the financial data, Web server, the network server, the backup server and the email system. The financial server is responsible for storing and managing all aspects of the financial aspect of the agency. These include salaries to the employees, overhead expenses, client fees, purchasing assets etc. The system impact level of this is level 5. The webserver and network system is the agency’s delivery system for internal as well as external information. These systems are responsible for integral communication of the employees within the organization and to connect with the outside world. Since there is private communication between the employees regarding different jobs, therefore the system level for this aspect is 5. In terms of criticality rating, this system is placed at level 8. The next tier is Tier 3, which is medium priority level. This level encompasses the Human Resource department that manages employee data along with their salary scope. Properly managing the employee data and information is critically for the smooth running of the agency; therefore this system has been placed on level five of the system impact level rating. The last Tier includes the web site server which holds a low priority. This system is responsible for updating potential and existing clients about the agency and their latest work. Information protection is low for this system and thus has been placed in level 1. References Carnegie Mellon (2011) Guidelines for Data Classification, Retrieved from http://www.cmu.edu/iso/governance/guidelines/data-classification.html [Accessed 3 February, 2013] Michigan Technology University (n.d) Data Classification and Handling Policy, Retrieved from http://security.mtu.edu/policies-procedures/DataClassificationAndHandlingPolicy.pdf [Accessed 3 February, 2013] Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Asset Classification Policies and Procedures Essay”, n.d.)
Asset Classification Policies and Procedures Essay. Retrieved from https://studentshare.org/information-technology/1613646-asset-classification-policies-and-procedures
(Asset Classification Policies and Procedures Essay)
Asset Classification Policies and Procedures Essay. https://studentshare.org/information-technology/1613646-asset-classification-policies-and-procedures.
“Asset Classification Policies and Procedures Essay”, n.d. https://studentshare.org/information-technology/1613646-asset-classification-policies-and-procedures.
  • Cited: 0 times

CHECK THESE SAMPLES OF Asset Classification Policies and Procedures

The General Plans of Information Risk Management

There are some information risk controls that are designed through other policies and plans.... hellip; Information classification is the process of identifying and classifying information assets to ensure that they are handled, distributed, stored, and disposed of in accordance with their criticality and sensitivity.... his section of the Company IRM plans aims to set out the minimum baseline plans which apply to the classification and handling of information assets, in all formats or media, created or received by Flayton Electronics (or on its behalf) in the performance of business activities....
8 Pages (2000 words) Assignment

Auditing of Havelock Company

nbsp;… Once the individual items of the balance sheet of Showcard have been verified, the assurance has to be obtained as to correct classification of it.... The paper "Auditing of Havelock Company" discusses that there is a risk that cash inflows obtained from the sale of Showcard are misclassified in Operating revenue for improving the profitability of the group....
8 Pages (2000 words) Research Paper

Audit Risk of a Scapa Company

The rationale for such classification of exceptional items has to be inquired for.... This variation is mainly because of the re-classification of the assets of the Georgia subsidiary (Scapa Group, 2013c).... The impression that the conditions of disposal existed at the balance sheet is not true because those were the conditions of classifying the asset as held for sale.... Secondly, the discounted asset has not been unwound by the rate used in this year....
7 Pages (1750 words) Case Study

Fixed Assets, Inventory, and Accounts Receivable Audit

Audit program [Insert al affiliation] FIXED ASSETS AUDIT PROGRAMM (PROCEDURE Obtain an understanding of the client's policies and procedures with respect to capitalization and Depreciation methods used.... hellip; Obtain the understanding of the procedures used by the client to summarize, reconcile and value the inventory and test the following count procedure.... Obtain the understanding of the procedures used by the client to summarize, reconcile and value the inventory and test the following count procedure: (the inventory sample was selected through a systematic sampling of picking every third inventory item i....
1 Pages (250 words) Assignment

Enterprise Security Policy Plan for MEMATECH Solutions Limited

emaTech is required to implement procedures, associated policies, and controls that safeguard the company's information assets, including personal information and Information Resources from all attacks, where external, internal, accidental, or deliberate.... The program is a management system representing the controls and policies implemented within the company.... An effective and efficient management system offers both the users and the management control to secure the information asset of the company, its sensitive information and must take note of the lifecycle of the Information Security Program....
5 Pages (1250 words) Case Study

Tools Used in Tightening Information Security

Fundamentally, there are implemented policies for informing people on how to utilize products and on how to make sure that there is information security in the organizations.... … Information SecurityIntroductionInformation security refers to the maintenance of privacy and integrity within the storage and transmission of information....
13 Pages (3250 words) Essay

Information and Communication Technology Management and Information Security

The Project Management Body of Knowledge (PMBOK) consists of a set of procedures and various knowledge areas normally acknowledged as most excellent practice inside the project management control.... The Project Management Body of Knowledge (PMBOK) consists of a set of procedures and various knowledge areas normally acknowledged as the most excellent practice inside the project management control.... In this scenario, PMBOK offers 5 fundamental procedures along with 9 knowledge of different knowledge areas usually for almost all kinds of projects....
6 Pages (1500 words) Assignment

Information Classification Scheme 3D Media Comm. Ltd

A standard data classification is analyzed that addresses a standard data classification scheme, risk assessment, the required considerations for classification, the data security control requirements, and the general data management procedures.... Information Manager: He/she is responsible for developing general procedures and guidelines for the management, access to the data and its security as in general, (Recio, 2017.... … The paper "Information classification Scheme 3D Media Comm....
12 Pages (3000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us