
Asset Identification and Classification Policy

Policy Definition

The goal of this organization is to implement the policies necessary to achieve the appropriate level of protection for each asset of the company.

Standard

Protecting every asset requires the collaboration of every employee. Different assets have a different probability of failure based on vulnerabilities and threats and require annual information security training for each employee.

Procedure

A true security program includes policies for identifying and classifying assets. Therefore, identifying and categorizing, tracking and managing assets requires creating and managing assets. Implement an inventory checklist in accordance with the recommendations of NIST 800-53 Rev. 4, Security and Privacy Controls for Federal Information Systems and Organizations.

Guideline

The classification of assets in accordance with business needs in the event of a disaster is essential for this organization; therefore, the classification scheme requires the approval of the Information Officer and Building Safety Officer. This asset assessment/classification should include the following parameters:

• Identify the type of asset, including network components, devices (laptops, workstations, servers, routers, and data)
• Assessment of each asset identified
• Classification of data
    o Based on roles, responsibilities and access privileges

It is imperative to conduct an annual management assessment.

Asset Management and Protection Policy

Policy Definition

Today, an organization must take all precautions to manage and protect its assets, including its offshore, physical and IT infrastructure assets. The need for asset management and protection is a harsh reality and, by design, not only will the market increase profits and will comply with external and internal policies and procedures, including federal laws and regulations.

It is imperative, before an organization begins to discuss, design or implement policies, to fully understand the enhancement and benefits of a defense layered at key network points (public and private), at the server and workstation level. Policies written by an organization, which encompass guidelines or mandates from a government entity, therefore ensure a multi-tiered approach.

Reference

SANS Institute. (2003). Global certification document on information assurance. Retrieved from http://www.giac.org/paper/gsec/3908/layered-security-model-osi-information-security/106272

SANS Institute. (2003). Global certification document on information assurance. Retrieved from http://www.giac.org/paper/gsec/2599/layered-security/104465