Based upon the results of a just completed IT Audit of your organization’s IT department, operations and infrastructure, it has been noted by the Auditor that there exists no current, implemented data classification scheme for your IT environment.
In response to the Audit Report, your management has tasked you with the responsibility of designing a comprehensive data classification scheme for enterprise-wide IT.
Realizing that this is a huge assignment and will require many hours of work to complete, you decide to break down the job into definable sub-tasks and identify individual IT functions in which you will create appropriate data classification schemes.
Given the risk assessment you performed and the associated high priority within the organization, you determine that your first data classification scheme will address online communications and social media data.
Using the documents below, the textbook for this chapter and any additional materials you may identify, research and have authorized access to, develop a data classification scheme for your organization’s online communications and social media data.
Be certain that your classification scheme is complete, comprehensive, and addresses the essential elements of such a scheme as outlined at minimum, leveraging the materials which you have access to. It is important that your proposed classification scheme include examples of data to be included at each level of protection/classification.
Please use the following documents, to assist you in completing this assignment question:
- Data Classification – CNRN
- Data Classification – GWU
- Data Classification – NYC
- DoD Marking Classified Documents – DoD
- Department Of Defense Trusted Computer System Evaluation Criteria (The Orange Book) – ORANGE BOOK