Data classification, in the context of information security, is the classification of data based on its level of sensitivity and its potential impact on the organization should that data be disclosed, altered, or destroyed without authorization. Without classifying data into data classification categories and classifying how to handle the data, valuable information will be vulnerable.
Develop a three-level classification system for your enterprise resource planning (ERP) system by creating 800- to 1,100-word policy that will be added as an addendum to the BCP. The policy will be added to the appendix in your BCP. Consider the type of access control your users will be using and address the following:
- Explain the meaning of information ownership and how to classify, handle, and label it.
- Describe vulnerability mapping, management, and trackability.
- Explain the significance of configuration and Patch management within the policy.
- Take into consideration who should be able to access, alter, save, or print the data. For each classification, decide how you will label your data to communicate the assigned classification.
- Develop handling standards for each classification.
Note: Since this course is the culmination of the Business Continuity Plan, students may utilize or adapt any of their previous assignments from earlier classes in the program for assignments in this course.
While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Review the rubric and “CYB-690 – Loss Prevention and Asset Management Scoring Guide,” prior to beginning the assignment to become familiar with the expectations for successful completion.
You are not required to submit this assignment to LopesWrite.