Impact of a Data Classification Standard Essay


As a mid-level financial investment and consulting firm, we are governed by laws that protect the personal data of our customers. To reduce risks and threats, the company needs to develop an IT Security Policy Framework that contains four main components: Policy, Standard, Procedures and Guidelines [1]. This report focuses on the standard by addressing the three IT infrastructure domains affected by the “Internal Use Only” data classification standard of Richman Investments, under which the communication of data does not leave the company’s intranet [2], and how each of these domains (User, Workstation and LAN) is affected by the standard.

The User domain is considered the weakest link in an IT infrastructure, as employees can be motivated to violate company policies. Areas of concern that can affect keeping data private are: lack of user awareness, because some users do not pay attention to what data is considered private and fail to secure data properly; security policy violations, where some users continue to leave private data in the open where others can see it; a disgruntled employee purposely taking personal data to cause some sort of damage between the company and the customer; and employee blackmail or extortion, threatening to distribute or sell the personal data to obtain a promotion or monetary gain [3].

The Workstation domain consists of workstations (any electronic device that a user can connect to the company’s IT infrastructure) used to gain access to personal data using multiple resources [4]. The areas affected by workstations consist of: unauthorized access because an employee did not lock their workstation, did not log off, or had their user ID and password compromised; a virus, malicious code or malware infecting the workstation after a user downloads non-business material from the internet; and a user violating the Acceptable User Policy (AUP) by misusing their authorized access to obtain personal data [5].

The LAN domain is where electronic devices connect to one another using the company’s intranet (LAN Network), where resources can be shared [6]. The effects caused by connecting to the LAN consist of: unauthorized access to the LAN through unsecured computer rooms, data centers and wiring closets, where someone can obtain access to the company’s core systems and retrieve personal data; rogue users scanning for WLAN SSID broadcasts, allowing them to crack logon information to access the company systems; and personal data transmitted via WLAN connections being compromised by someone from outside the company intercepting the transmission [7].


Governed by laws to protect customers’ personal data, the company must have a strong security standard as part of the IT Security Policy Framework. Focusing on the data classification standard “Internal Use Only”, the company needs to plan for any effects caused in the User, Workstation and LAN domains to prevent personal data loss or corruption. One way is to make sure that employees have signed and are following the company’s AUP, along with making sure the company’s intranet is secure from outside attacks.

Bibliography

Kim, David, and Michael G. Solomon. “Fundamentals of Information Systems Security,” 15-42. Sudbury, MA: Jones and Bartlett Learning, 2012.
