Asset Identification and Classification Policy

2967 Words12 Pages
Asset Identification & Classification Policy Policy Definition It is the goal of this organization to implement the policies necessary to achieve the appropriate level of protection for each corporate asset. Standard Protecting each asset requires collaboration from every employee. Different assets have a different probability of failure do to vulnerabilities, threats and require annual information security training for each employee. Procedure A true security program includes an Asset Identification & Classification Policies, therefore, identifying and categorizing, tracking and managing assets require one to create and implement an inventory control list according to the recommendation outline in NIST 800-53 Rev. 4 Security and…show more content…
The Acceptable Use Policy outlines the appropriate/acceptable behavior and ramification for noncompliance to this and every policy of this organization. Procedure The Acceptable Use Policy must address every aspect of an employees' daily routine outlining to Do and Do Not as he or his uses to assets/resources of this organization. Guidelines The intent of these guidelines is to help employee make the best decision when using the assets/resources of this organization; as well as refer employee to additional policies for further clarification. • Expectation of privacy • Workplace Privacy and Employee Monitoring • Internet Usage o Access Control to prevent employee from accessing in appropriate site • E-Mail Usage o Etiquette o Mandatory Signatures o Attachment protocols o Continuing education  Spam  Malware  Virus • Software/hardware o Installation and deletion • Use of hardware o USB Drives o CD • Ramifications o Organizational Penalties o Employee infraction scale • Communication devices Threat/Vulnerability Assessment & Management Policy Policy Definition A Threat and Vulnerability Assessment and Management Policy by design uses processes and technology that helps identify, assess and remediate IT threats and vulnerability. A term “threat” is any action of exploiting a vulnerability that results in
Open Document