Assessment Description: A business continuity plan details all of the steps a company must take in the event of an emergency, whether it is fire, flood, or computer hacking. This is how to create one.


Data Classification in Information Security








INSTITUTIONAL AFFILIATION: Grand Canyon University

INSTRUCTOR’S NAME: Mr. Joshua McSwain

STUDENT’S NAME: Hamidou Oussoumanou

COURSE CODE: 690


I. Information Ownership

Information ownership can be described as the moral or legal rights and responsibilities given to a person, group, or organization over how their information will be used, with the aim of letting them control that information. Information ownership calls for intellectual property rights, as these provide a legal framework for protecting information that has been produced by a specific group, thus controlling how the information can be used (Reed, 2021).

Information ownership allows the creators of specific information to manage and categorize data according to its sensitivity and confidentiality, which makes it possible to introduce policies that govern and control the use of the information. Information ownership also makes it possible to create trademarks, patents, and copyrights, allowing organizations and groups to benefit from the information they develop and thereby facilitating innovation and creativity.

II. Vulnerability Mapping, Management, and Trackability

Vulnerability mapping and management can be described as identifying potential weaknesses and threats and creating a plan for how the vulnerabilities can be managed, using strategies such as making configuration changes and applying security patches. Vulnerability management allows the security teams to create a remediation proposal that addresses the system vulnerabilities and sets out the best approaches for resolving the vulnerabilities associated with the information systems.

Vulnerability trackability is the process of tracking and monitoring the vulnerabilities associated with the components used in the systems and the network infrastructure. Vulnerability trackability allows a record to be kept of the vulnerabilities associated with the system and of the actions that were taken to address them in the organization. The organization's security teams can use vulnerability mapping, management, and trackability to mitigate the risks associated with the systems so that they have minimal impact (Ali et al., 2019).

Vulnerability mapping, management, and trackability can be used in identifying risks associated with the information systems, allowing the security teams to create a risk assessment plan to identify areas of potential threats and weaknesses. After vulnerabilities have been identified, security rules can be implemented, which reduces the chances of exploitation, thus protecting data stored in an organization.

III. Significance of Configuration and Patch Management Policy

Configuration and patch management are critical to the systems used in an organization, as they ensure that an organization has been well maintained and is up to date. Configuration and patch management can be used to prevent problems associated with compatibility issues and software faults, thus maximizing the efficiency of the systems used in an organization. System configuration allows a solid setup to be used in the infrastructure, thus minimizing the impact of an attack (Araujo & Taylor, 2020).

Configuration and patch management allow new devices to be added for security and software upgrades, which enhances the services that are to be carried out by the organization, and they also offer scalability of the systems in case of the expansion of the organization. Configuration management can be used to implement essential system fixes, which is crucial in preventing system failure and the occurrence of potential data breaches in the organization due to faulty systems.

IV. Communication and Assigned Classifications

Communications should be diversified to different levels depending on the roles of the system users. Level 1 should be used to store sensitive information and should be accessible only to specific authorized users, such as system administrators, in the organization. The security protecting information stored in Level 1 should be stronger than at the other levels. Level 2 should store information that is deemed sensitive but is not considered a secret to the organization, and it should only be accessed by authorized system users.

Level 3 should not store sensitive information associated with the users. The information stored in Level 3 should be classified as not sensitive or public, as it includes information that can be released to the public without any problems. Information stored in Level 3 can include organizational updates and other essential information that the administrators of the website would like potential visitors to know about the company.

V. Handling Standards

Enterprise Resource Planning requires data to be classified and handled in two main subgroups: public data and sensitive data. These two categories have different levels of confidentiality and require different handling tactics depending on how they are to be used in the organization. Sensitive data is composed of confidential and private information, and it should not be disclosed to unauthorized users of the organization. Handling sensitive data requires strict handling practices to facilitate data security. Some of the practices that can be used in handling sensitive data include setting up access controls, facilitating data encryption, compliance, and data masking (Chen et al., 2020).

Public data is data that is not considered sensitive information to an organization, and it may include general organizational data, marketing materials, financial statements, products sold, and others. Public data does not require the implementation of strict security controls and encryption measures, as the data should be freely shared and easily accessed by the public.


References:

Ali, S. A., Khatun, R., Ahmad, A., & Ahmad, S. N. (2019). Application of GIS-based analytic hierarchy process and frequency ratio model to flood vulnerable mapping and risk area estimation at Sundarban region, India. Modeling Earth Systems and Environment, 5, 1083-1102.

Araujo, F., & Taylor, T. (2020, November). Improving cybersecurity hygiene through JIT patching. In Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering (pp. 1421-1432).

Chen, R. C., Dewi, C., Huang, S. W., & Caraka, R. E. (2020). Selecting critical features for data classification based on machine learning methods. Journal of Big Data, 7(1), 52.

Reed, C. (2021). Information ownership in the cloud. In Cloud Computing Law (2nd ed.). Oxford University Press.