The Information Classification Procedure describes the actions necessary to comply with the Company’s Information Security Policy and Information Classification Policy.
Security classifications are used to indicate the need and priorities for security protection.
Information has varying degrees of sensitivity and criticality. Some items may require an additional level of security protection or special handling. A security classification system is used to define an appropriate set of security protection levels and to communicate the need for special handling measures to users.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3.1 PRINCIPLES OF CLASSIFICATION SCHEME AND HANDLING
3.2 CLASSIFICATION MARKINGS
3.3 HANDLING DIRECTIVES/MODIFIERS
3.4 CLASSIFICATION SECURITY MEASURES
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
The techniques of dual control and segregation of duties have to be implemented to enhance the control over activities wherever the risk and impact of an IT Security incident would likely result in financial or other material damage to the organization.
The objective of the Cryptographic Controls Standard is to outline the minimum information security controls which must be applied when cryptographic services and solutions are utilized by the Company. Specifically, this Standard focuses on key management requirements, acceptable algorithms, appropriate key lengths, and raises pertinent regulatory considerations relating to the use of cryptography.