SlideShare une entreprise Scribd logo

Information classification

Télécharger en tant que PPTX, PDF
Jyothsna Sridhar
Jyothsna Sridhar

Information, wherever it is handled or stored needs to be protected from unauthorized access, modification , disclosure, and destruction

Formation
1  sur  25
INFORMATION CLASSIFICATION AND INFORMATION HANDLING BY, JYOTHSNA.S
INFORMATION CLASSIFICATION •Introduction •Classification process •Reclassification
INTRODUCTION • Information, wherever it is handled or stored needs to be protected from unauthorized access, modification , disclosure, and destruction. • Three basic classifications of information have been established. INFORMATION CONFIDENTIAL INTERNAL USE PUBLIC
CONFIDENTIAL DATA • DEFINITION: Information that, if disclosed, could:  Violate the privacy of individuals.  Reduce the company’s competitive advantage  Cause damage to the company. • EXAMPLES:  Personnel records of individuals.  Customer information, shareholders information , vendor information  Specific operating plans, marketing plans, or strategies.  Specific business strategies and directions.  Major changes in the company’s management structure
• DISCUSSION:  Information should be protected according to its sensitivity, criticality, and value.  It is estimated that approximately 5 to 15 percent of corporate information should be classified as Confidential.  Information regarded as sensitive should be labelled as Confidential.
INTERNAL USE • DEFINITION:  Classify information as Internal Use when the information is intended for use by employees when conducting company business. • EXAMPLES:  Operational business information and reports.  Non company information that is subject to a nondisclosure agreement with another company.  Company phone book.  Corporate policies, standards, and procedures.  Internal company announcements.
• DISCUSSION:  This classification represents information that is used in the daily operation of the business and generally would not include planning or strategy development activities.  It is estimated that 70 to 90 percent of corporate information can be classified as Internal Use.  However, organizations such as customer accounting, legal, and personnel departments can be expected to have a larger percentage of Confidential information.
PUBLIC • DEFINITION:  Classify information as Public if the information has been made available for public distribution through authorized company channels.  Public information is not sensitive in context or content, and requires no special security. • EXAMPLE: The following are examples of Public information.  Corporate annual report.  Information specifically generated for public consumption, such as public service bulletins, marketing brochures, and advertisements.
• DISCUSSION:  Generally, information that is readily available from the public media or is a matter of public record is classified as Public.  It is estimated that 5 to 15 percent of corporate information can be classified as Public
CLASSIFICATION PROCESS • RECOMMENDED POLICY:  The owner is responsible for classifying information upon creation. • DISCUSSION:  Upon creation the creator of that information (generally the information owner) is responsible for immediate classification.  Information’s value to the company is heavily influenced by the extent to which its integrity is maintained and is available to those with a business need.  The information owner must be careful not to over-classify information created.
RECLASSIFICATION • RECOMMENDED POLICY:  The owner should review the classification of information at least annually for possible reclassification. • DISCUSSION:  The sensitivity of most classified information decreases over time.  Confidential information may become Internal Use, and Internal Use may eventually become Public.  Because Confidential information often has a more restricted audience than Internal Use information, it is important that information be properly classified to give the widest and most appropriate audience possible
INFORMATION HANDLING •Introduction •Information labelling •Information use and duplication •Information storage •Information disposal
INTRODUCTION • Information handling will help to identify standards and guidelines to help safeguard information during its useful life. • This process will take place once the information is obtained and classified.
INFORMATION LABELING • RECOMMENDED STANDARD:  All Confidential information must be clearly labeled with the word “Confidential.” Any information not specifically labelled should be treated as Internal Use RECOMMENDED PROCEDURE: All Confidential information is to be marked as follows:  The name of the owner and the date of preparation are to appear on the face of the document.  The document or any reproduction is to be stamped or marked Confidential at the top of the outside cover (if applicable) or on the title page.  Only Confidential information requires labelling. Public information should be labeled to identify its intended audience. Information not labeled should be protected as Internal Use.
INFORMATION USE AND DUPLICATION • RECOMMENDED STANDARD:  Information for which access has been authorized may only be used for purposes identified to and authorized by the information owner. • DISCUSSION:  When the information owner provides access to information, it is authorized on the basis of the requester’s established business need.  Access to information is approved for a stated purpose and does not imply that the requester has unrestricted use or authority to use for other purposes.  Sometimes the authorization given by the information owner to the user needs to be formal and written or can be verbal too.
INFORMATION STORAGE • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD: Information must be stored in a manner consistent with its classification as follows:  When not in use, information is to be appropriately stored.  Confidential information is to be stored and maintained only where it can be verified that access can be adequately controlled.
• DISCUSSION:  Information, particularly Confidential information, must be safeguarded not only while in use, but also when stored to protect against unauthorized access, modification.  This may mean that paper-based information may need to be stored in locked cabinets or desks while not in use.  For computer based information, this may mean physically locking the computer while not attended by an authorized individual or installing an access control software package to protect against unauthorized access.
INFORMATION DISPOSAL • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD:  Information must be appropriately destroyed in accordance with the organization’s records retention schedule.  Information no longer of value to the company should be destroyed.  Confidential information must be destroyed beyond ability to recognize and recover.
• DISCUSSION:  When the information no longer has value to the user, his or her copy of the information should be destroyed.  When the information no longer has value to the company, the information owner is responsible for disposal of the information originals.  For Internal Use information, this might mean simply throwing the report in the trash or deleting the file from the computer.  For Confidential information, however, additional care is necessary to ensure that the discarded information can-not be recognized or recovered by anyone.  Owners and users also need to ensure that all data backups of the information are also destroyed beyond recovery.
Information Security Program Administration • Publishing a set of policies and procedures is no assurance that anyone will ever read them. • Creating an employee awareness program is necessary to bring the information security message to all employees. • Before employees can accept an Information Security (IS) program, they must first understand why the program is necessary and what they will gain from its implementation. • To facilitate this process, a structure has been established to administer the program, its direction and scope .
CORPORATE INFORMATION SYSTEMS STEERING COMMITTEE • This committee, consisting of senior management who will share about the available and emerging information technologies to improve efficiency and effectiveness to meet the competitive challenges that lie ahead. • This group has approved and supports the vision and goals of the Information Security program. • They provide guidance, ensuring that the program is consistent with company goals, measures, and targets. • They ensure the availability of resources necessary for successful implementation and maintenance of the program.
CORPORATE INFORMATION SECURITY PROGRAM • Corporate Information Security Manager:  This individual will support and direct the corporate Information Security program.  This will be accomplished by ensuring that necessary resources are available. Corporate Information Security Coordinator  This individual is responsible for maintenance of the program’s vision, goals, and elements, and for proposing necessary changes to the IS Steering Committee for approval.  This individual will train and coordinate the organization IS coordinators, supporting them with regular contact, information security awareness tools, consultation, and ideas.  To ensure progress throughout the IS program life cycle, this individual will monitor each organizational unit’s progress and keep the Corporate IS Manager updated.
ORGANIZATION INFORMATION SECURITY PROGRAM • Organization Management They will be asked to promote the program by providing appropriate staff and other resources to ensure security of corporate information assets. It is crucial that they also support their organization IS coordinators in the development and maintenance of a local information security program. • Information Security Coordinators : Organization Coordinators:An Organization Information Security Coordinator is appointed by organization management to develop, implement, and maintain an organization IS program consistent with corporate and organization objectives Group Coordinators (Optional):Group Information Security Coordinators assist the Organization IS Coordinator in large organizations.
• Area Coordinators (Optional): Area Information Security Coordinators assist the Group IS Coordinator in large groups within an organization. Area IS Coordinators are appointed by the management of areas within a group to perform area-level duties that support the organization IS program. These individuals should perform area-level information risk assessments and may meet with area personnel to build their awareness of information security issues.
THANK YOU

Recommandé

Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 

Recommandé

Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
InformationSecurity
InformationSecurityInformationSecurity
InformationSecuritylearnt
 
System Security-Chapter 1
System Security-Chapter 1System Security-Chapter 1
System Security-Chapter 1Vamsee Krishna Kiran
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Data security
Data securityData security
Data securityAbdulBasit938
 
Data security
Data securityData security
Data securitySoumen Mondal
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
System security
System securitySystem security
System securitysommerville-videos
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Sensitive data
Sensitive dataSensitive data
Sensitive dataS.M. Towhidul Islam
 
Data security
Data securityData security
Data securityForeSolutions
 
Database Security Management
Database Security Management Database Security Management
Database Security Management Ahsin Yousaf
 
Quality of information
Quality of informationQuality of information
Quality of informationHaa'Meem Mohiyuddin
 
Information security
Information securityInformation security
Information securityLusungu Mkandawire CISA,CISM,CGEIT,CPF,PRINCE2
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security Shreedevi Tharanidharan
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 
System security
System securitySystem security
System securityinvertis university
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...Scottish Library & Information Council (SLIC), CILIP in Scotland (CILIPS)
 

Contenu connexe

Tendances

what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture NotesFellowBuddy.com
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Database Security Management
Database Security Management Database Security Management
Database Security Management Ahsin Yousaf
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness trainingSAROJ BEHERA
 

Tendances (20)

what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Information Security Lecture Notes
Information Security Lecture NotesInformation Security Lecture Notes
Information Security Lecture Notes
 
Data security
Data securityData security
Data security
 
Data security
Data securityData security
Data security
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 ppt
 
System security
System securitySystem security
System security
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Information security
Information securityInformation security
Information security
 
Sensitive data
Sensitive dataSensitive data
Sensitive data
 
Data security
Data securityData security
Data security
 
Database Security Management
Database Security Management Database Security Management
Database Security Management
 
Quality of information
Quality of informationQuality of information
Quality of information
 
Information security
Information securityInformation security
Information security
 
Introduction to Information Security
Introduction to Information Security Introduction to Information Security
Introduction to Information Security
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Isms awareness training
Isms awareness trainingIsms awareness training
Isms awareness training
 
System security
System securitySystem security
System security
 

En vedette

10 Traits Of A Great Employee
10 Traits Of A Great Employee 10 Traits Of A Great Employee
10 Traits Of A Great Employee Officevibe
 
Human Rights Presentation
Human Rights PresentationHuman Rights Presentation
Human Rights Presentationellaboi
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017Drift
 

En vedette (6)

Information classification
Information classificationInformation classification
Information classification
 
International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...
 
10 Traits Of A Great Employee
10 Traits Of A Great Employee 10 Traits Of A Great Employee
10 Traits Of A Great Employee
 
Human Rights Presentation
Human Rights PresentationHuman Rights Presentation
Human Rights Presentation
 
Human rights in_india
Human rights in_indiaHuman rights in_india
Human rights in_india
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
 

Similaire à Information classification

Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001PECB
 
Data Classification .pptx
Data Classification .pptxData Classification .pptx
Data Classification .pptxshalinityagi112
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 
Clasify information in education field
Clasify information in education fieldClasify information in education field
Clasify information in education fieldNebojsa Stefanovic
 
marketing information system-chapter two
marketing information system-chapter twomarketing information system-chapter two
marketing information system-chapter twoHailemariam Kebede
 
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانیBusiness Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانیHosseinieh Ershad Public Library
 
IT6701 Information Management Unit - V
IT6701 Information Management Unit - VIT6701 Information Management Unit - V
IT6701 Information Management Unit - Vpkaviya
 
Cost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityCost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityPrithvi Ghag
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issuesJagdeepSingh394
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramFinancial Poise
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Information security policy how to writing
Information security policy how to writingInformation security policy how to writing
Information security policy how to writingPasangdolmoTamang
 
20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.ppt20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.pptabhichowdary16
 
PIPL - Practice Area Business Intelligence
PIPL - Practice Area Business IntelligencePIPL - Practice Area Business Intelligence
PIPL - Practice Area Business IntelligenceDr. Sanjeev B Ahuja
 
Solution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an OrganizationSolution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an OrganizationOrlando Trajano
 
Privacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social MediaPrivacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social Mediadevbhargav1
 
Is202 – workshop 1
Is202 – workshop 1Is202 – workshop 1
Is202 – workshop 1Shaheen Khan
 

Similaire à Information classification (20)

Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001
 
Data Classification .pptx
Data Classification .pptxData Classification .pptx
Data Classification .pptx
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
Clasify information in education field
Clasify information in education fieldClasify information in education field
Clasify information in education field
 
marketing information system-chapter two
marketing information system-chapter twomarketing information system-chapter two
marketing information system-chapter two
 
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانیBusiness Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
 
IT6701 Information Management Unit - V
IT6701 Information Management Unit - VIT6701 Information Management Unit - V
IT6701 Information Management Unit - V
 
Cost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityCost benefit analysis vs confidentiality
Cost benefit analysis vs confidentiality
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Hippa powerpoint 92613
Hippa powerpoint 92613Hippa powerpoint 92613
Hippa powerpoint 92613
 
Hippa powerpoint 92613
Hippa powerpoint 92613Hippa powerpoint 92613
Hippa powerpoint 92613
 
Information security policy how to writing
Information security policy how to writingInformation security policy how to writing
Information security policy how to writing
 
20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.ppt20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.ppt
 
PIPL - Practice Area Business Intelligence
PIPL - Practice Area Business IntelligencePIPL - Practice Area Business Intelligence
PIPL - Practice Area Business Intelligence
 
Ais section ch1
Ais section ch1Ais section ch1
Ais section ch1
 
Solution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an OrganizationSolution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an Organization
 
Privacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social MediaPrivacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social Media
 
Is202 – workshop 1
Is202 – workshop 1Is202 – workshop 1
Is202 – workshop 1
 

Plus de Jyothsna Sridhar

Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things Jyothsna Sridhar
 
Connecting social media to e commerce system
Connecting social media to e commerce systemConnecting social media to e commerce system
Connecting social media to e commerce systemJyothsna Sridhar
 

Plus de Jyothsna Sridhar (6)

Hololens
HololensHololens
Hololens
 
Presentation1
Presentation1Presentation1
Presentation1
 
Svv
SvvSvv
Svv
 
Htc vive
Htc viveHtc vive
Htc vive
 
Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things
 
Connecting social media to e commerce system
Connecting social media to e commerce systemConnecting social media to e commerce system
Connecting social media to e commerce system
 

Dernier

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 

Dernier (20)

Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service9548086042 for call girls in Indira Nagar with room service
9548086042 for call girls in Indira Nagar with room service
 

Information classification

  • 3. INTRODUCTION • Information, wherever it is handled or stored needs to be protected from unauthorized access, modification , disclosure, and destruction. • Three basic classifications of information have been established. INFORMATION CONFIDENTIAL INTERNAL USE PUBLIC
  • 4. CONFIDENTIAL DATA • DEFINITION: Information that, if disclosed, could:  Violate the privacy of individuals.  Reduce the company’s competitive advantage  Cause damage to the company. • EXAMPLES:  Personnel records of individuals.  Customer information, shareholders information , vendor information  Specific operating plans, marketing plans, or strategies.  Specific business strategies and directions.  Major changes in the company’s management structure
  • 5. • DISCUSSION:  Information should be protected according to its sensitivity, criticality, and value.  It is estimated that approximately 5 to 15 percent of corporate information should be classified as Confidential.  Information regarded as sensitive should be labelled as Confidential.
  • 6. INTERNAL USE • DEFINITION:  Classify information as Internal Use when the information is intended for use by employees when conducting company business. • EXAMPLES:  Operational business information and reports.  Non company information that is subject to a nondisclosure agreement with another company.  Company phone book.  Corporate policies, standards, and procedures.  Internal company announcements.
  • 7. • DISCUSSION:  This classification represents information that is used in the daily operation of the business and generally would not include planning or strategy development activities.  It is estimated that 70 to 90 percent of corporate information can be classified as Internal Use.  However, organizations such as customer accounting, legal, and personnel departments can be expected to have a larger percentage of Confidential information.
  • 8. PUBLIC • DEFINITION:  Classify information as Public if the information has been made available for public distribution through authorized company channels.  Public information is not sensitive in context or content, and requires no special security. • EXAMPLE: The following are examples of Public information.  Corporate annual report.  Information specifically generated for public consumption, such as public service bulletins, marketing brochures, and advertisements.
  • 9. • DISCUSSION:  Generally, information that is readily available from the public media or is a matter of public record is classified as Public.  It is estimated that 5 to 15 percent of corporate information can be classified as Public
  • 10. CLASSIFICATION PROCESS • RECOMMENDED POLICY:  The owner is responsible for classifying information upon creation. • DISCUSSION:  Upon creation the creator of that information (generally the information owner) is responsible for immediate classification.  Information’s value to the company is heavily influenced by the extent to which its integrity is maintained and is available to those with a business need.  The information owner must be careful not to over-classify information created.
  • 11. RECLASSIFICATION • RECOMMENDED POLICY:  The owner should review the classification of information at least annually for possible reclassification. • DISCUSSION:  The sensitivity of most classified information decreases over time.  Confidential information may become Internal Use, and Internal Use may eventually become Public.  Because Confidential information often has a more restricted audience than Internal Use information, it is important that information be properly classified to give the widest and most appropriate audience possible
  • 12. INFORMATION HANDLING •Introduction •Information labelling •Information use and duplication •Information storage •Information disposal
  • 13. INTRODUCTION • Information handling will help to identify standards and guidelines to help safeguard information during its useful life. • This process will take place once the information is obtained and classified.
  • 14. INFORMATION LABELING • RECOMMENDED STANDARD:  All Confidential information must be clearly labeled with the word “Confidential.” Any information not specifically labelled should be treated as Internal Use RECOMMENDED PROCEDURE: All Confidential information is to be marked as follows:  The name of the owner and the date of preparation are to appear on the face of the document.  The document or any reproduction is to be stamped or marked Confidential at the top of the outside cover (if applicable) or on the title page.  Only Confidential information requires labelling. Public information should be labeled to identify its intended audience. Information not labeled should be protected as Internal Use.
  • 15. INFORMATION USE AND DUPLICATION • RECOMMENDED STANDARD:  Information for which access has been authorized may only be used for purposes identified to and authorized by the information owner. • DISCUSSION:  When the information owner provides access to information, it is authorized on the basis of the requester’s established business need.  Access to information is approved for a stated purpose and does not imply that the requester has unrestricted use or authority to use for other purposes.  Sometimes the authorization given by the information owner to the user needs to be formal and written or can be verbal too.
  • 16. INFORMATION STORAGE • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD: Information must be stored in a manner consistent with its classification as follows:  When not in use, information is to be appropriately stored.  Confidential information is to be stored and maintained only where it can be verified that access can be adequately controlled.
  • 17. • DISCUSSION:  Information, particularly Confidential information, must be safeguarded not only while in use, but also when stored to protect against unauthorized access, modification.  This may mean that paper-based information may need to be stored in locked cabinets or desks while not in use.  For computer based information, this may mean physically locking the computer while not attended by an authorized individual or installing an access control software package to protect against unauthorized access.
  • 18. INFORMATION DISPOSAL • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD:  Information must be appropriately destroyed in accordance with the organization’s records retention schedule.  Information no longer of value to the company should be destroyed.  Confidential information must be destroyed beyond ability to recognize and recover.
  • 19. • DISCUSSION:  When the information no longer has value to the user, his or her copy of the information should be destroyed.  When the information no longer has value to the company, the information owner is responsible for disposal of the information originals.  For Internal Use information, this might mean simply throwing the report in the trash or deleting the file from the computer.  For Confidential information, however, additional care is necessary to ensure that the discarded information can-not be recognized or recovered by anyone.  Owners and users also need to ensure that all data backups of the information are also destroyed beyond recovery.
  • 20. Information Security Program Administration • Publishing a set of policies and procedures is no assurance that anyone will ever read them. • Creating an employee awareness program is necessary to bring the information security message to all employees. • Before employees can accept an Information Security (IS) program, they must first understand why the program is necessary and what they will gain from its implementation. • To facilitate this process, a structure has been established to administer the program, its direction and scope .
  • 21. CORPORATE INFORMATION SYSTEMS STEERING COMMITTEE • This committee, consisting of senior management who will share about the available and emerging information technologies to improve efficiency and effectiveness to meet the competitive challenges that lie ahead. • This group has approved and supports the vision and goals of the Information Security program. • They provide guidance, ensuring that the program is consistent with company goals, measures, and targets. • They ensure the availability of resources necessary for successful implementation and maintenance of the program.
  • 22. CORPORATE INFORMATION SECURITY PROGRAM • Corporate Information Security Manager:  This individual will support and direct the corporate Information Security program.  This will be accomplished by ensuring that necessary resources are available. Corporate Information Security Coordinator  This individual is responsible for maintenance of the program’s vision, goals, and elements, and for proposing necessary changes to the IS Steering Committee for approval.  This individual will train and coordinate the organization IS coordinators, supporting them with regular contact, information security awareness tools, consultation, and ideas.  To ensure progress throughout the IS program life cycle, this individual will monitor each organizational unit’s progress and keep the Corporate IS Manager updated.
  • 23. ORGANIZATION INFORMATION SECURITY PROGRAM • Organization Management They will be asked to promote the program by providing appropriate staff and other resources to ensure security of corporate information assets. It is crucial that they also support their organization IS coordinators in the development and maintenance of a local information security program. • Information Security Coordinators : Organization Coordinators:An Organization Information Security Coordinator is appointed by organization management to develop, implement, and maintain an organization IS program consistent with corporate and organization objectives Group Coordinators (Optional):Group Information Security Coordinators assist the Organization IS Coordinator in large organizations.
  • 24. • Area Coordinators (Optional): Area Information Security Coordinators assist the Group IS Coordinator in large groups within an organization. Area IS Coordinators are appointed by the management of areas within a group to perform area-level duties that support the organization IS program. These individuals should perform area-level information risk assessments and may meet with area personnel to build their awareness of information security issues.