Asset Identification and Classification Policy

2967 Words Jun 21st, 2018 12 Pages
Asset Identification & Classification Policy

Policy Definition
It is the goal of this organization to implement the policies necessary to achieve the appropriate level of protection for each corporate asset.

Standard
Protecting each asset requires collaboration from every employee. Different assets have a different probability of failure do to vulnerabilities, threats and require annual information security training for each employee.

Procedure
A true security program includes an Asset Identification & Classification Policies, therefore, identifying and categorizing, tracking and managing assets require one to create and implement an inventory control list according to the recommendation outline in NIST 800-53 Rev. 4 Security and
…show more content…
The Acceptable Use Policy outlines the appropriate/acceptable behavior and ramification for noncompliance to this and every policy of this organization.
Procedure
The Acceptable Use Policy must address every aspect of an employees' daily routine outlining to Do and Do Not as he or his uses to assets/resources of this organization.
Guidelines
The intent of these guidelines is to help employee make the best decision when using the assets/resources of this organization; as well as refer employee to additional policies for further clarification.
• Expectation of privacy
• Workplace Privacy and Employee Monitoring
• Internet Usage o Access Control to prevent employee from accessing in appropriate site
• E-Mail Usage o Etiquette o Mandatory Signatures o Attachment protocols o Continuing education
 Spam
 Malware
 Virus
• Software/hardware o Installation and deletion
• Use of hardware o USB Drives o CD
• Ramifications o Organizational Penalties o Employee infraction scale
• Communication devices

Threat/Vulnerability Assessment & Management Policy
Policy Definition
A Threat and Vulnerability Assessment and Management Policy by design uses processes and technology that helps identify, assess and remediate IT threats and vulnerability. A term “threat” is any action of exploiting a vulnerability that results in
Open Document