Published by Simon Bryan. Modified over 9 years ago.

Information Asset Classification
What it means to employees
Community of Practice, rev. 10/24/2007

Information security
“Information protection is something you do, not something you buy. It is not … a policy to put in place and forget. Information security requires a strong process and effective technologies – all based on a sound understanding of the business the organization is in and how it performs that business.”
Burton Group, “A Systematic, Comprehensive Approach to Information Security,” October 15, 2007

Information security
Elements:
- Identify
- Classify
- Protect
- Manage

What is an information asset?
Anything that has value to the agency that can be communicated or documentary material, regardless of its physical form or characteristics.
Includes, but is not limited to, paper, electronic, digital, images, and voice mail.
Information technology hardware and software are not information assets for classification purposes.

Information asset classification
The purpose is to ensure information assets are identified, properly classified, and protected throughout their lifecycles.
The objective is to develop and implement processes that allow an agency to continually assess and classify its information assets.

Why is classification important?
Not all information has the same value or importance to an agency, therefore information requires different levels of protection.
Classification enables employees to apply appropriate handling processes to protect client and customer information.

Classification levels: Level 1 – Published
Information that is not protected from disclosure, that if disclosed will not jeopardize the privacy or security of agency employees, clients, and partners. This includes information regularly made available to the public via electronic, verbal or hard copy media.

Classification levels: Level 1 – Published
Examples:
- Press releases
- Brochures
- Pamphlets
- Public access Web pages
- Materials created for public consumption

Classification levels: Level 2 – Limited
Information that may not be protected from public disclosure but if made easily and readily available, may jeopardize the privacy or security of agency employees, clients, and/or partners. Agencies shall follow their disclosure policies and procedures before providing this information to external parties.

Classification levels: Level 2 – Limited
Examples:
- Enterprise risk management planning documents
- Published internal audit reports
- Names and addresses that are not protected from disclosure

Classification levels: Level 3 – Restricted
Information intended for limited business use that may be exempt from public disclosure because, among other reasons, such disclosure will jeopardize the privacy or security of agency employees, clients, partners or individuals who otherwise qualify for an exemption.

Classification levels: Level 3 – Restricted
Information in this category may be accessed and used by external parties. External parties requesting this information for authorized agency business must be under contractual obligation of confidentiality with the agency (for example, confidential/non-disclosure agreement) prior to receiving it.

Classification levels: Level 3 – Restricted
Examples:
- Network diagrams
- Personally identifiable information
- Other information exempt from public records disclosure

Classification levels: Level 4 – Critical
Information that is deemed extremely sensitive and is intended for use by named individual(s) only. This information is typically exempt from public disclosure because, among other reasons, such disclosure would potentially cause major damage or injury up to and including death to the named individual(s), agency employees, clients, partners or cause major harm to the agency.

Classification levels: Level 4 – Critical
Examples:
- Regulated information with significant penalties for disclosure, such as information covered under HIPAA or IRS regulations
- Information that is typically exempt from public disclosure

Classification levels
Classifying information assets is a business issue and is agency-centric. The classification should be determined by the identified agency information owner for that particular information asset.

Management methodology
Use information asset classification levels to determine proper processes and procedures for:
- Information exchange
- Proper and secure handling
- Labeling
- Secure storage
- Proper destruction

What you can do
- Understand and follow agency policies and procedures for classifying and securing information assets
- Understand the proper handling required for the different classification levels
- Handle agency information securely
- Talk to your supervisor

Resources
Available at http://oregon.gov/DAS/EISPD/ESO
- Information Asset Classification Methodology
- Information Asset Classification statewide policy 107-004-050
- Best practices documents