|
Information Classification
|
| bet | 3/6 | | Sana | 01.04.2017 | | Hajmi | 36 Kb. | | #2749 |
Information assets must be identified, classified, and labeled based on the sensitivity to the organization (i.e., the business impact if destroyed, damaged or disclosed). Owners are responsible for classifying information assets. Everyone is responsible to ensure that the appropriate level of protection is consistently applied. Information assets must be classified according to the following scheme:
-
Level 1 -- Confidential Information: This class represents important and/or highly sensitive material that is appropriate for only specific employees. Unauthorized disclosure, modification, or destruction of this information could cause serious damage to the company and our clients.
-
Level 2 -- Institutional Information: This class represents information important to the company. Its destruction and/or modification could result in serious losses. This information must have controls to ensure its integrity and accuracy. Its use is therefore subject to certain restrictions.
-
Level 3 -- Unrestricted Information: This class represents information that does not fall into one of the above classifications and is appropriate for all company personnel in addition to the general public. This information is not considered confidential, and its disclosure, modification and/or destruction does not need to be controlled.
Information classified as Level 1, log-in passwords and other parameters that can be used to gain access to the company are a few examples of data types which must be encrypted by the approved encryption standard before transmission over the Intranet or Internet. In addition, Level 2 data must be sent encrypted over the Internet. It may be in the clear on the Intranet.
|
| |
