IMPACT OF A DATA CLASSIFICATION STANDARD
As a mid-level financial investment and consulting firm, we are governed by laws that protect the personal data of our customers. To reduce risks and threats, the company needs to develop an IT Security Policy Framework that contains four main components: Policy, Standard, Procedures and Guidelines [1]. This report focuses on the standard by addressing the three IT infrastructure domains that are affected by the "Internal Use Only" data classification standard of Richman Investments, under which the communication of data does not leave the company's intranet [2], and how each of those domains (User, Workstation and LAN) is affected by the standard.
The User domain is considered the weakest link in an IT infrastructure, as employees can be motivated to violate company policies. Areas of concern that can affect keeping data private are: lack of user awareness, because some users do not pay attention to what data is considered private and fail to secure data properly; security policy violations, where some users continue to leave private data in the open where others can see it; a disgruntled employee purposely taking personal data to cause some sort of damage between the company and the customer; and employee blackmail or extortion, threatening to distribute or sell the personal data in trying to obtain a promotion or monetary gain [3].
The Workstation domain consists of workstations (any electronic device that a user can connect to the company's IT infrastructure) used to gain access to personal data using multiple resources [4]. The areas affected by workstations consist of: unauthorized access because an employee did not lock their workstation, did not log off, or had their user ID and password compromised; a virus, malicious code or malware infecting the workstation after a user downloaded non-business material from the internet; and a user violated the Acceptable User
Bibliography: Kim, David, and Michael G. Solomon. Fundamentals of Information Systems Security, 15-42. Sudbury, MA: Jones and Bartlett Learning, 2012.