SlideShare a Scribd company logo

Information classification

Download as PPTX, PDF
Jyothsna Sridhar
Jyothsna Sridhar

Information, wherever it is handled or stored needs to be protected from unauthorized access, modification , disclosure, and destruction

Education
1 of 25
INFORMATION CLASSIFICATION AND INFORMATION HANDLING BY, JYOTHSNA.S
INFORMATION CLASSIFICATION •Introduction •Classification process •Reclassification
INTRODUCTION • Information, wherever it is handled or stored needs to be protected from unauthorized access, modification , disclosure, and destruction. • Three basic classifications of information have been established. INFORMATION CONFIDENTIAL INTERNAL USE PUBLIC
CONFIDENTIAL DATA • DEFINITION: Information that, if disclosed, could:  Violate the privacy of individuals.  Reduce the company’s competitive advantage  Cause damage to the company. • EXAMPLES:  Personnel records of individuals.  Customer information, shareholders information , vendor information  Specific operating plans, marketing plans, or strategies.  Specific business strategies and directions.  Major changes in the company’s management structure
• DISCUSSION:  Information should be protected according to its sensitivity, criticality, and value.  It is estimated that approximately 5 to 15 percent of corporate information should be classified as Confidential.  Information regarded as sensitive should be labelled as Confidential.
INTERNAL USE • DEFINITION:  Classify information as Internal Use when the information is intended for use by employees when conducting company business. • EXAMPLES:  Operational business information and reports.  Non company information that is subject to a nondisclosure agreement with another company.  Company phone book.  Corporate policies, standards, and procedures.  Internal company announcements.
• DISCUSSION:  This classification represents information that is used in the daily operation of the business and generally would not include planning or strategy development activities.  It is estimated that 70 to 90 percent of corporate information can be classified as Internal Use.  However, organizations such as customer accounting, legal, and personnel departments can be expected to have a larger percentage of Confidential information.
PUBLIC • DEFINITION:  Classify information as Public if the information has been made available for public distribution through authorized company channels.  Public information is not sensitive in context or content, and requires no special security. • EXAMPLE: The following are examples of Public information.  Corporate annual report.  Information specifically generated for public consumption, such as public service bulletins, marketing brochures, and advertisements.
• DISCUSSION:  Generally, information that is readily available from the public media or is a matter of public record is classified as Public.  It is estimated that 5 to 15 percent of corporate information can be classified as Public
CLASSIFICATION PROCESS • RECOMMENDED POLICY:  The owner is responsible for classifying information upon creation. • DISCUSSION:  Upon creation the creator of that information (generally the information owner) is responsible for immediate classification.  Information’s value to the company is heavily influenced by the extent to which its integrity is maintained and is available to those with a business need.  The information owner must be careful not to over-classify information created.
RECLASSIFICATION • RECOMMENDED POLICY:  The owner should review the classification of information at least annually for possible reclassification. • DISCUSSION:  The sensitivity of most classified information decreases over time.  Confidential information may become Internal Use, and Internal Use may eventually become Public.  Because Confidential information often has a more restricted audience than Internal Use information, it is important that information be properly classified to give the widest and most appropriate audience possible
INFORMATION HANDLING •Introduction •Information labelling •Information use and duplication •Information storage •Information disposal
INTRODUCTION • Information handling will help to identify standards and guidelines to help safeguard information during its useful life. • This process will take place once the information is obtained and classified.
INFORMATION LABELING • RECOMMENDED STANDARD:  All Confidential information must be clearly labeled with the word “Confidential.” Any information not specifically labelled should be treated as Internal Use RECOMMENDED PROCEDURE: All Confidential information is to be marked as follows:  The name of the owner and the date of preparation are to appear on the face of the document.  The document or any reproduction is to be stamped or marked Confidential at the top of the outside cover (if applicable) or on the title page.  Only Confidential information requires labelling. Public information should be labeled to identify its intended audience. Information not labeled should be protected as Internal Use.
INFORMATION USE AND DUPLICATION • RECOMMENDED STANDARD:  Information for which access has been authorized may only be used for purposes identified to and authorized by the information owner. • DISCUSSION:  When the information owner provides access to information, it is authorized on the basis of the requester’s established business need.  Access to information is approved for a stated purpose and does not imply that the requester has unrestricted use or authority to use for other purposes.  Sometimes the authorization given by the information owner to the user needs to be formal and written or can be verbal too.
INFORMATION STORAGE • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD: Information must be stored in a manner consistent with its classification as follows:  When not in use, information is to be appropriately stored.  Confidential information is to be stored and maintained only where it can be verified that access can be adequately controlled.
• DISCUSSION:  Information, particularly Confidential information, must be safeguarded not only while in use, but also when stored to protect against unauthorized access, modification.  This may mean that paper-based information may need to be stored in locked cabinets or desks while not in use.  For computer based information, this may mean physically locking the computer while not attended by an authorized individual or installing an access control software package to protect against unauthorized access.
INFORMATION DISPOSAL • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD:  Information must be appropriately destroyed in accordance with the organization’s records retention schedule.  Information no longer of value to the company should be destroyed.  Confidential information must be destroyed beyond ability to recognize and recover.
• DISCUSSION:  When the information no longer has value to the user, his or her copy of the information should be destroyed.  When the information no longer has value to the company, the information owner is responsible for disposal of the information originals.  For Internal Use information, this might mean simply throwing the report in the trash or deleting the file from the computer.  For Confidential information, however, additional care is necessary to ensure that the discarded information can-not be recognized or recovered by anyone.  Owners and users also need to ensure that all data backups of the information are also destroyed beyond recovery.
Information Security Program Administration • Publishing a set of policies and procedures is no assurance that anyone will ever read them. • Creating an employee awareness program is necessary to bring the information security message to all employees. • Before employees can accept an Information Security (IS) program, they must first understand why the program is necessary and what they will gain from its implementation. • To facilitate this process, a structure has been established to administer the program, its direction and scope .
CORPORATE INFORMATION SYSTEMS STEERING COMMITTEE • This committee, consisting of senior management who will share about the available and emerging information technologies to improve efficiency and effectiveness to meet the competitive challenges that lie ahead. • This group has approved and supports the vision and goals of the Information Security program. • They provide guidance, ensuring that the program is consistent with company goals, measures, and targets. • They ensure the availability of resources necessary for successful implementation and maintenance of the program.
CORPORATE INFORMATION SECURITY PROGRAM • Corporate Information Security Manager:  This individual will support and direct the corporate Information Security program.  This will be accomplished by ensuring that necessary resources are available. Corporate Information Security Coordinator  This individual is responsible for maintenance of the program’s vision, goals, and elements, and for proposing necessary changes to the IS Steering Committee for approval.  This individual will train and coordinate the organization IS coordinators, supporting them with regular contact, information security awareness tools, consultation, and ideas.  To ensure progress throughout the IS program life cycle, this individual will monitor each organizational unit’s progress and keep the Corporate IS Manager updated.
ORGANIZATION INFORMATION SECURITY PROGRAM • Organization Management They will be asked to promote the program by providing appropriate staff and other resources to ensure security of corporate information assets. It is crucial that they also support their organization IS coordinators in the development and maintenance of a local information security program. • Information Security Coordinators : Organization Coordinators:An Organization Information Security Coordinator is appointed by organization management to develop, implement, and maintain an organization IS program consistent with corporate and organization objectives Group Coordinators (Optional):Group Information Security Coordinators assist the Organization IS Coordinator in large organizations.
• Area Coordinators (Optional): Area Information Security Coordinators assist the Group IS Coordinator in large groups within an organization. Area IS Coordinators are appointed by the management of areas within a group to perform area-level duties that support the organization IS program. These individuals should perform area-level information risk assessments and may meet with area personnel to build their awareness of information security issues.
THANK YOU

Recommended

Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and StandardsDirectorate of Information Security | Ditjen Aptika
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit processDivya Tiwari
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 

Recommended

Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Information Security Policies and Standards
Information Security Policies and StandardsInformation Security Policies and Standards
Information Security Policies and StandardsDirectorate of Information Security | Ditjen Aptika
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Planning for security and security audit process
Planning for security and security audit processPlanning for security and security audit process
Planning for security and security audit processDivya Tiwari
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Data security
Data securityData security
Data securityAbdulBasit938
 
It Policies
It PoliciesIt Policies
It PoliciesJames Sutter
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
Security policy
Security policySecurity policy
Security policyDhani Ahmad
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementMaganathin Veeraragaloo
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data backup and disaster recovery
Data backup and disaster recoveryData backup and disaster recovery
Data backup and disaster recoverycatacutanjcsantos
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security ExplainedHappiest Minds Technologies
 
Information security
Information securityInformation security
Information securityavinashbalakrishnan2
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 
International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...Scottish Library & Information Council (SLIC), CILIP in Scotland (CILIPS)
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 

More Related Content

What's hot

Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
Information security management system
Information security management systemInformation security management system
Information security management systemArani Srinivasan
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness TrainingDenis kisina
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITYAhmed Moussa
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from SymantecArrow ECS UK
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsKrishna Srikanth Manda
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk ManagementSam Bowne
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best PracticesEvolve IP
 
Data protection ppt
Data protection pptData protection ppt
Data protection pptgrahamwell
 
Data backup and disaster recovery
Data backup and disaster recoveryData backup and disaster recovery
Data backup and disaster recoverycatacutanjcsantos
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information SystemSatya P. Joshi
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsKarthikeyan Dhayalan
 
Security risk management
Security risk managementSecurity risk management
Security risk managementG Prachi
 

What's hot (20)

Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
 
Information security management system
Information security management systemInformation security management system
Information security management system
 
Data security
Data securityData security
Data security
 
It Policies
It PoliciesIt Policies
It Policies
 
Employee Security Awareness Training
Employee Security Awareness TrainingEmployee Security Awareness Training
Employee Security Awareness Training
 
Security policy
Security policySecurity policy
Security policy
 
INFORMATION SECURITY
INFORMATION SECURITYINFORMATION SECURITY
INFORMATION SECURITY
 
Domain 1 - Security and Risk Management
Domain 1 - Security and Risk ManagementDomain 1 - Security and Risk Management
Domain 1 - Security and Risk Management
 
Data Loss Prevention from Symantec
Data Loss Prevention from SymantecData Loss Prevention from Symantec
Data Loss Prevention from Symantec
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Cyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionalsCyber Security Awareness Session for Executives and Non-IT professionals
Cyber Security Awareness Session for Executives and Non-IT professionals
 
1. Security and Risk Management
1. Security and Risk Management1. Security and Risk Management
1. Security and Risk Management
 
Cyber Security Best Practices
Cyber Security Best PracticesCyber Security Best Practices
Cyber Security Best Practices
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
 
Data backup and disaster recovery
Data backup and disaster recoveryData backup and disaster recovery
Data backup and disaster recovery
 
Security and control in Management Information System
Security and control in Management Information SystemSecurity and control in Management Information System
Security and control in Management Information System
 
CISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security ConceptsCISSP - Chapter 1 - Security Concepts
CISSP - Chapter 1 - Security Concepts
 
Data Security Explained
Data Security ExplainedData Security Explained
Data Security Explained
 
Information security
Information securityInformation security
Information security
 
Security risk management
Security risk managementSecurity risk management
Security risk management
 

Viewers also liked

Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification PresentationDerroylo
 
10 Traits Of A Great Employee
10 Traits Of A Great Employee 10 Traits Of A Great Employee
10 Traits Of A Great Employee Officevibe
 
Human Rights Presentation
Human Rights PresentationHuman Rights Presentation
Human Rights Presentationellaboi
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017Drift
 

Viewers also liked (6)

International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...International Standard Bibliographic Description: background and recent devel...
International Standard Bibliographic Description: background and recent devel...
 
Data Classification Presentation
Data Classification PresentationData Classification Presentation
Data Classification Presentation
 
10 Traits Of A Great Employee
10 Traits Of A Great Employee 10 Traits Of A Great Employee
10 Traits Of A Great Employee
 
Human Rights Presentation
Human Rights PresentationHuman Rights Presentation
Human Rights Presentation
 
Human rights in_india
Human rights in_indiaHuman rights in_india
Human rights in_india
 
3 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 20173 Things Every Sales Team Needs to Be Thinking About in 2017
3 Things Every Sales Team Needs to Be Thinking About in 2017
 

Similar to Information classification

Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001PECB
 
Data Classification .pptx
Data Classification .pptxData Classification .pptx
Data Classification .pptxshalinityagi112
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsTrustArc
 
Clasify information in education field
Clasify information in education fieldClasify information in education field
Clasify information in education fieldNebojsa Stefanovic
 
marketing information system-chapter two
marketing information system-chapter twomarketing information system-chapter two
marketing information system-chapter twoHailemariam Kebede
 
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانیBusiness Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانیHosseinieh Ershad Public Library
 
IT6701 Information Management Unit - V
IT6701 Information Management Unit - VIT6701 Information Management Unit - V
IT6701 Information Management Unit - Vpkaviya
 
Cost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityCost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityPrithvi Ghag
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issuesJagdeepSingh394
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramFinancial Poise
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Information security policy how to writing
Information security policy how to writingInformation security policy how to writing
Information security policy how to writingPasangdolmoTamang
 
20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.ppt20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.pptabhichowdary16
 
PIPL - Practice Area Business Intelligence
PIPL - Practice Area Business IntelligencePIPL - Practice Area Business Intelligence
PIPL - Practice Area Business IntelligenceDr. Sanjeev B Ahuja
 
Solution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an OrganizationSolution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an OrganizationOrlando Trajano
 
Privacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social MediaPrivacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social Mediadevbhargav1
 
Is202 – workshop 1
Is202 – workshop 1Is202 – workshop 1
Is202 – workshop 1Shaheen Khan
 

Similar to Information classification (20)

Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001Implementing Asset Management System with ISO 55001
Implementing Asset Management System with ISO 55001
 
Data Classification .pptx
Data Classification .pptxData Classification .pptx
Data Classification .pptx
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
Clasify information in education field
Clasify information in education fieldClasify information in education field
Clasify information in education field
 
marketing information system-chapter two
marketing information system-chapter twomarketing information system-chapter two
marketing information system-chapter two
 
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانیBusiness Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
Business Data Alignment-همراستاییِ داده‌ها با اهداف سازمانی
 
IT6701 Information Management Unit - V
IT6701 Information Management Unit - VIT6701 Information Management Unit - V
IT6701 Information Management Unit - V
 
Cost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityCost benefit analysis vs confidentiality
Cost benefit analysis vs confidentiality
 
Internet security and privacy issues
Internet security and privacy issuesInternet security and privacy issues
Internet security and privacy issues
 
How to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security ProgramHow to Build and Implement your Company's Information Security Program
How to Build and Implement your Company's Information Security Program
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Hippa powerpoint 92613
Hippa powerpoint 92613Hippa powerpoint 92613
Hippa powerpoint 92613
 
Hippa powerpoint 92613
Hippa powerpoint 92613Hippa powerpoint 92613
Hippa powerpoint 92613
 
Information security policy how to writing
Information security policy how to writingInformation security policy how to writing
Information security policy how to writing
 
20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.ppt20-MOD 8 Self and Work Management-20-07-2023.ppt
20-MOD 8 Self and Work Management-20-07-2023.ppt
 
PIPL - Practice Area Business Intelligence
PIPL - Practice Area Business IntelligencePIPL - Practice Area Business Intelligence
PIPL - Practice Area Business Intelligence
 
Ais section ch1
Ais section ch1Ais section ch1
Ais section ch1
 
Solution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an OrganizationSolution Plan for Risk Mitigation for an Organization
Solution Plan for Risk Mitigation for an Organization
 
Privacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social MediaPrivacy and Data Security | Data Collection | Social Media
Privacy and Data Security | Data Collection | Social Media
 
Is202 – workshop 1
Is202 – workshop 1Is202 – workshop 1
Is202 – workshop 1
 

More from Jyothsna Sridhar

Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things Jyothsna Sridhar
 
Connecting social media to e commerce system
Connecting social media to e commerce systemConnecting social media to e commerce system
Connecting social media to e commerce systemJyothsna Sridhar
 

More from Jyothsna Sridhar (6)

Hololens
HololensHololens
Hololens
 
Presentation1
Presentation1Presentation1
Presentation1
 
Svv
SvvSvv
Svv
 
Htc vive
Htc viveHtc vive
Htc vive
 
Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things Vehicle anti theft tracking system based on internet of things
Vehicle anti theft tracking system based on internet of things
 
Connecting social media to e commerce system
Connecting social media to e commerce systemConnecting social media to e commerce system
Connecting social media to e commerce system
 

Recently uploaded

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfChris Hunter
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 

Recently uploaded (20)

Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Making and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdfMaking and Justifying Mathematical Decisions.pdf
Making and Justifying Mathematical Decisions.pdf
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 

Information classification

  • 3. INTRODUCTION • Information, wherever it is handled or stored needs to be protected from unauthorized access, modification , disclosure, and destruction. • Three basic classifications of information have been established. INFORMATION CONFIDENTIAL INTERNAL USE PUBLIC
  • 4. CONFIDENTIAL DATA • DEFINITION: Information that, if disclosed, could:  Violate the privacy of individuals.  Reduce the company’s competitive advantage  Cause damage to the company. • EXAMPLES:  Personnel records of individuals.  Customer information, shareholders information , vendor information  Specific operating plans, marketing plans, or strategies.  Specific business strategies and directions.  Major changes in the company’s management structure
  • 5. • DISCUSSION:  Information should be protected according to its sensitivity, criticality, and value.  It is estimated that approximately 5 to 15 percent of corporate information should be classified as Confidential.  Information regarded as sensitive should be labelled as Confidential.
  • 6. INTERNAL USE • DEFINITION:  Classify information as Internal Use when the information is intended for use by employees when conducting company business. • EXAMPLES:  Operational business information and reports.  Non company information that is subject to a nondisclosure agreement with another company.  Company phone book.  Corporate policies, standards, and procedures.  Internal company announcements.
  • 7. • DISCUSSION:  This classification represents information that is used in the daily operation of the business and generally would not include planning or strategy development activities.  It is estimated that 70 to 90 percent of corporate information can be classified as Internal Use.  However, organizations such as customer accounting, legal, and personnel departments can be expected to have a larger percentage of Confidential information.
  • 8. PUBLIC • DEFINITION:  Classify information as Public if the information has been made available for public distribution through authorized company channels.  Public information is not sensitive in context or content, and requires no special security. • EXAMPLE: The following are examples of Public information.  Corporate annual report.  Information specifically generated for public consumption, such as public service bulletins, marketing brochures, and advertisements.
  • 9. • DISCUSSION:  Generally, information that is readily available from the public media or is a matter of public record is classified as Public.  It is estimated that 5 to 15 percent of corporate information can be classified as Public
  • 10. CLASSIFICATION PROCESS • RECOMMENDED POLICY:  The owner is responsible for classifying information upon creation. • DISCUSSION:  Upon creation the creator of that information (generally the information owner) is responsible for immediate classification.  Information’s value to the company is heavily influenced by the extent to which its integrity is maintained and is available to those with a business need.  The information owner must be careful not to over-classify information created.
  • 11. RECLASSIFICATION • RECOMMENDED POLICY:  The owner should review the classification of information at least annually for possible reclassification. • DISCUSSION:  The sensitivity of most classified information decreases over time.  Confidential information may become Internal Use, and Internal Use may eventually become Public.  Because Confidential information often has a more restricted audience than Internal Use information, it is important that information be properly classified to give the widest and most appropriate audience possible
  • 12. INFORMATION HANDLING •Introduction •Information labelling •Information use and duplication •Information storage •Information disposal
  • 13. INTRODUCTION • Information handling will help to identify standards and guidelines to help safeguard information during its useful life. • This process will take place once the information is obtained and classified.
  • 14. INFORMATION LABELING • RECOMMENDED STANDARD:  All Confidential information must be clearly labeled with the word “Confidential.” Any information not specifically labelled should be treated as Internal Use RECOMMENDED PROCEDURE: All Confidential information is to be marked as follows:  The name of the owner and the date of preparation are to appear on the face of the document.  The document or any reproduction is to be stamped or marked Confidential at the top of the outside cover (if applicable) or on the title page.  Only Confidential information requires labelling. Public information should be labeled to identify its intended audience. Information not labeled should be protected as Internal Use.
  • 15. INFORMATION USE AND DUPLICATION • RECOMMENDED STANDARD:  Information for which access has been authorized may only be used for purposes identified to and authorized by the information owner. • DISCUSSION:  When the information owner provides access to information, it is authorized on the basis of the requester’s established business need.  Access to information is approved for a stated purpose and does not imply that the requester has unrestricted use or authority to use for other purposes.  Sometimes the authorization given by the information owner to the user needs to be formal and written or can be verbal too.
  • 16. INFORMATION STORAGE • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD: Information must be stored in a manner consistent with its classification as follows:  When not in use, information is to be appropriately stored.  Confidential information is to be stored and maintained only where it can be verified that access can be adequately controlled.
  • 17. • DISCUSSION:  Information, particularly Confidential information, must be safeguarded not only while in use, but also when stored to protect against unauthorized access, modification.  This may mean that paper-based information may need to be stored in locked cabinets or desks while not in use.  For computer based information, this may mean physically locking the computer while not attended by an authorized individual or installing an access control software package to protect against unauthorized access.
  • 18. INFORMATION DISPOSAL • CORPORATE POLICY:  Organizations shall retain records in the most economical and practical method and location, and shall destroy or relocate them to more economical storage when appropriate. • RECOMMENDED STANDARD:  Information must be appropriately destroyed in accordance with the organization’s records retention schedule.  Information no longer of value to the company should be destroyed.  Confidential information must be destroyed beyond ability to recognize and recover.
  • 19. • DISCUSSION:  When the information no longer has value to the user, his or her copy of the information should be destroyed.  When the information no longer has value to the company, the information owner is responsible for disposal of the information originals.  For Internal Use information, this might mean simply throwing the report in the trash or deleting the file from the computer.  For Confidential information, however, additional care is necessary to ensure that the discarded information can-not be recognized or recovered by anyone.  Owners and users also need to ensure that all data backups of the information are also destroyed beyond recovery.
  • 20. Information Security Program Administration • Publishing a set of policies and procedures is no assurance that anyone will ever read them. • Creating an employee awareness program is necessary to bring the information security message to all employees. • Before employees can accept an Information Security (IS) program, they must first understand why the program is necessary and what they will gain from its implementation. • To facilitate this process, a structure has been established to administer the program, its direction and scope .
  • 21. CORPORATE INFORMATION SYSTEMS STEERING COMMITTEE • This committee, consisting of senior management who will share about the available and emerging information technologies to improve efficiency and effectiveness to meet the competitive challenges that lie ahead. • This group has approved and supports the vision and goals of the Information Security program. • They provide guidance, ensuring that the program is consistent with company goals, measures, and targets. • They ensure the availability of resources necessary for successful implementation and maintenance of the program.
  • 22. CORPORATE INFORMATION SECURITY PROGRAM • Corporate Information Security Manager:  This individual will support and direct the corporate Information Security program.  This will be accomplished by ensuring that necessary resources are available. Corporate Information Security Coordinator  This individual is responsible for maintenance of the program’s vision, goals, and elements, and for proposing necessary changes to the IS Steering Committee for approval.  This individual will train and coordinate the organization IS coordinators, supporting them with regular contact, information security awareness tools, consultation, and ideas.  To ensure progress throughout the IS program life cycle, this individual will monitor each organizational unit’s progress and keep the Corporate IS Manager updated.
  • 23. ORGANIZATION INFORMATION SECURITY PROGRAM • Organization Management They will be asked to promote the program by providing appropriate staff and other resources to ensure security of corporate information assets. It is crucial that they also support their organization IS coordinators in the development and maintenance of a local information security program. • Information Security Coordinators : Organization Coordinators:An Organization Information Security Coordinator is appointed by organization management to develop, implement, and maintain an organization IS program consistent with corporate and organization objectives Group Coordinators (Optional):Group Information Security Coordinators assist the Organization IS Coordinator in large organizations.
  • 24. • Area Coordinators (Optional): Area Information Security Coordinators assist the Group IS Coordinator in large groups within an organization. Area IS Coordinators are appointed by the management of areas within a group to perform area-level duties that support the organization IS program. These individuals should perform area-level information risk assessments and may meet with area personnel to build their awareness of information security issues.