The classification of assets involves a number of steps. The first step is the identification of information assets at Alpha Corporation. These assets include information related to employees, such as their records, job applications and interview information; customer records, which include their personal information, financial information, applications for new services and the history of previous services that they have used; documentation such as policies, correspondence with the company's partners and customers, advice given to customers and audit reports from previous years; support and business continuity plans; and other business-related documentation.
If the information is stored on multiple media, the company must ensure that the classification is applied to every format and medium on which the data is stored. The second step of the classification is the identification of the owner of the information asset. This involves identifying an authority and assigning it the responsibility for owning the data and controlling access to it (Goel 2009). When the classification for an information asset is being determined, a number of considerations should be made. For example, if an information asset can be classified on the basis of a regulation or a policy, it must be classified that way. For those assets for which this cannot be done, an impact assessment matrix should be used to analyze the impact of the information asset being compromised, in order to select an appropriate classification. The highest security classification determined in this way must be enforced on the asset. Also, when such enforcement is made, a date or event may be identified after which the consequences of the asset's compromise, as identified in the assessment matrix, may change. This date or event can trigger a change in the sensitivity of the information asset (SANS Institute 2003).
It is also good practice to establish and maintain a register that records the information classification of every information asset. Ideally, this register should be maintained and made accessible to all departments of Alpha Corporation and should cover all security-classified information assets identified in the previous stages. At minimum, the information recorded in the register should include the name or unique identifier of the asset or group of assets, the description, the location of the asset, who owns the information asset, the security classification of the asset, the date when the asset was classified, the approver of the classification, the reasons for the classification and for the assignment of a particular class, and a classification review date (SANS Institute 2003).
Once the information has been successfully classified, information protection measures should be identified and mapped to the different information classes. There are a number of protection measures that can be used for this purpose. For example, one of the most commonly used safeguards is authentication. The use of authentication ensures that the individual is actually who he or she claims to be. In role-based access, access to a particular piece of information is controlled based on business need or job function. This approach requires the information owner's validation before an employee is allowed access to information. Encryption is another method used by organizations to make information unreadable to any unauthorized viewer. Administrative controls are also used to protect the integrity of information. These controls are often taken for granted but in reality are not implemented by many organizations due to high overhead. Other measures include policy compliance checks of systems, installation of intrusion detection systems, transactional as well as administrative monitoring, and file access control (SANS Institute 2003).