Information Classification for a Bank and a University - Essay Example

Business Test Styles Name Institution Date Introduction Information classification is very important for organizations. Organizations are in possessions numerous types of information that need to be classified basing of their integrity, value to the firm, confidentiality, and availability. Information classification is important for various reasons. Firstly, organizations need to protect personal information. The clients can have trust in the organization when they know that their private information will not be exposed to the public. Moreover, the organization has to protect confidential information from unauthorized access. Information about the strategy of the company and its impending methods of entry to new market has to be kept confidential. Sometime it is good when the organization get competitors off guard (Jay & Cherryl, 1998). The organization has also to protect intellectual property and should not disclose is methods of production to competitors of the public. The organization has also to classify information since it supports routine disclosure and active dissemination. There is the type of information that has to be disseminated to the public. Investors and potential customers have to learn more about the organization before they decide to invest or to buy anything. The government has also a right to certain types of information from the organization in order to carry out its functions like taxation and licensing. Therefore, information classification is invaluable for all organizations (Whitman & Mattord, 2011). The information classification just varies from one type of organization to the other. What may be confidential to a bank is not the same for a hospital or a university. This assignment discusses information classification for a bank and a university. Information types and threats The information needs of a university and a bank are very different. While a bank has the objective of seeking more clients to invest with it, a university seeks to attract students to enroll for degree programs. A bank has to protect customer information from any improper disclosure that may jeopardize the relationship of the bank and the client. University information classification Confidential information Confidential information needs the highest degree of protection from any unauthorized tampering, disclosure, or access. This is regardless of whether it is in digital format or hard copy. Such information includes sensitive information about faculty, students, staff, users of university facilities and services, and the university itself. All electronically protected or personally identifying information has to be classified as confidential information, including information governed by the federal or local law. All documentation containing electronically protected or personally identifying information should be labeled ‘Confidential’ and handled with care. Authorized data steward have to manage closely the storage and access of confidential information. Confidential information has to be secured in accordance with the university security policy. There is also information which is protected by the federal laws and regulations. The Family Educational Rights and Privacy Act is in place to protect a range of personal information and records concerning former and current students, including and not restricted to, university judicial, academic records, and grades (Shepherd & Yeo, 2003). The Health Insurance Portability and Accountability Act governs the use of health information that is protected, including information which can identify an individual and concerns individual’s future, present, or past mental or physical health; or future payment for health care; or the provision of health care to the individual. Personally identifiable information includes: Date of birth Social security number Place of birth Dependents Traditional password identifiers like name of favorite pet or mother’s maiden name Bank account numbers Driver’s license numbers Passport number Credit card numbers and Income tax records Internal-Use-Only Internal-use-only kind of information needs moderate protection from tampering or unauthorized access. If information does not have something that must be labeled as confidential, then data stewards are at the liberty of classifying it as ‘Internal-Use-Only’. Data stewards are in charge of monitoring the daily management of institutional data confidentiality, availability, and integrity, and limit distribution. Internal-Use-Only information in a university can be disclosed to any person outside or within the university. Despite the absence of security mechanism to control dissemination and disclosure, the information has to be protected from unauthorized destruction or modification (Relyea, 2010). Internal memos, E-mail, and correspondence may be labeled as Internal-Use-Only if they do not contain anything that can be labeled as ‘confidential’. Public information This information in a university needs basic protection from unauthorized tampering. This information can be disseminated and disclosed to anyone. The diagram below shows some of the information ontology in a university or learning institution. In a university students can only access their grades but the user icons should be limited to bar them from changing anything. Individual students must not access of information grades and fees balance of other students. A bank information classification Confidential information Clients provide huge amounts of information to a bank in seeking to bank with it or obtain financing. Clients trust that the bank will keep the information as confidential. Disclosing of unauthorized information by the bank management may affect the client’s relationship with the bank adversely. Consequently a bank has to classify information and regulate accessibility to such information. Only authorized individual are allowed to handle the information. Confidential information in a bank includes information about the client such as that listed under the university as confidential (Shepherd & Yeo, 2003). Salaries and wages of workers are also classified as confidential. The threat of disclosing such information can be very negative to the firm since employees may judge each other personally about the pay package. It may lead to internal rivalry as employees seek to outside each other. Disclosing top secrets of the bank to competitors may lead to the bank abandoning a hitherto well-though-out strategy. Imitations and challenging by competitors makes it important for the business to be careful with the person who is in charge of top secrets of the company. Internal-use-only Internal-Use-Only information will include procedures and regulations that govern the carrying out of duties and obligations within the bank. Reward systems and disciplinary measures for deviant behavior all fall in the category of internal-use-only. This information is accessible to anyone within the bank. Public Public information includes share prices and the banks mission statement. This is information which accessed by anybody in the public. Information ontology that can be found in an organization such as a bank is depicted in the following diagram; Information classification system A classification system is the set of conventions and terms applied in a particular organizational context to classify, retrieve and title records and any other business information. There must be consistency in the classification system. Sharing client’s information in a bank is a threat to the trust that customers have with that bank (Williamson & Beghtol, 2004). A student will not be happy if he knows that everyone else knows about the grades he scored. Consequently, it is the duty of these organizations to guard private and personal information. Users of any particular information have to get consent from relevant authority if the information is labeled as confidential. A tentative list of the different types of information found within a university and a bank are should in the table below. classification Institution confidential Internal-use-only Public University -Students personal information -staff personal information -internal Rules and regulations -disciplinary measures -staff promotion procedures -courses being offered -calendar of events -faculty information -university motto Bank -Clients’ personal information -the banks top-secret strategies -Internal rules and regulations -reward schemes -procedure for dismissal -stock prices -loan application procedures -opening a/c procedures -mission and vision statement Information classification system for a university The classification of information in a university is easier to manage as compared to a bank. A university does not have highly sensitive information like a government security agency. Therefore, it is logical for information within the university to be classified in barely three basic categories that includes public information, Internal-Use-Only, and confidential information. Information classification system in a university has to commence with functions that perform certain action to either deny or give access to a user in regard to the type of information being sought. Record keeping requirements Classification tool classification Public Internal-use-only confidential The classification tool decides which kind of information is being sought by the user. If it is confidential information, the system goes ahead to ask the interrogation of the disposal authority through using of special security codes in order to retrieve such information. Public information can be asked by anybody. Staff members and students can give some personal information like student’s identification card number or the employee social security number in order to access internal-use-only information. Access to personal information is restricted to the individual and the relevant authorities concerned. Information classification system for a bank The classification system of a bank is not very different from that of a university but it must have an additional category that guards the top secrets of the bank. Competitors do not have to learn about the strategies that the bank is going to use to lure customers. Information system can utilize colors to symbolize the accessibility of any information within the bank. Red color can be used to label highly sensitive information that is restricted to a few people (Myburgh, 2002). Amber can be used to mark sensitive information that do not fall the category of top secret. Normal business information will be marked by green color while public information will use the white color. Once a use sees that the information is marked red, he understands that is highly sensitive information that cannot be accessed. Client information has to be secret in order to build trust between the bank and its clients. When the clients know that their personal information was disclosed without their consent, they become devastated. User Records requirement Classification System administrator The bank is at risk when it discloses the personal information of clients and that is why extra care and more classifications of information have to be used. Conclusion Classification of information is very important for easy retrieval of any needed information. Moreover, organizations have to win the trust of their clients by keeping personal information confidential. Every organization has its own classification system that suits the needs of that organization. In this assignment the information types, needs and classification systems of a bank and a university have been explored. A bank has top secrets that need to be kept at all cost. A university has secret checks to any classified information. The objective is to allow only authorized people to access the information. References Shepherd, E. & Yeo, G. (2003). Managing records: a handbook of principles and practices. Facet Publishing: Sydney. Jay, K. & Cherryl, S. (1998). Records Management: A guide to corporate record keeping. Melbourne: Longmans. Myburgh, S. (2002). Strategic information management: understanding a new reality in The Information Management Journal, 36 (1) Williamson, N. & Beghtol, C. (2004). Knowledge Organization and Classification in International Information Retrieval. New York: Taylor & Francis. Relyea, H.C. (2010). Security Classified and Controlled Information: History, Status, and Emerging Management Issues. New Jersey: DIANE Publishing. Whitman, M.E. & Mattord, H.J. (2011). Principles of Information Security. New York: Cengage Learning. Read More