In the assignments for this course you will develop parts of a corporate security policy for a hypothetical health insurance company (imaginatively named HIC, Inc.). Each week, you will be asked to write one part of the policy framework document set. The framework we will use in this course is a version of that described in “META Security Group Information Security Policy Framework.” The framework consists of a Security Program Charter, several policy areas, and associated standards.

In this assignment, you are to write an asset identification and classification policy for HIC, Inc., including an information classification standard that identifies:

  • the information to be protected
  • the security labels that will be applied to that information.

Be sure to account for PHI, as well as corporate data and any other classes of data that you identify. Indicate whether the classification policy is a mandatory policy, discretionary policy, or if it is a combination of both. Is your system based on a formal model? If so, indicate which, and why you chose that model.

Remember that classification categories only make sense in terms of an access control policy. An access control policy identifies what is protected, but also who has access, what kind of access they have, and penalties for non-compliance.

For each classification that you identify, include the following information:

  • Who will be authorized to access the data in each of the classifications?
  • Is there some kind of clearance involved, or “need-to-know”?
  • What is the responsibility of authorized users with respect to the data they access?
  • Can authorized users do what they want with the data, or are there restrictions, and what are the penalties?

You will need to do some research on this and look at some examples that are currently out there. Your document must provide reasonably clear guidance to employees as to what they are allowed to access and how they should handle the data in order to avoid disciplinary actions.

Your asset identification and classification policy document must be no longer than three pages and include at least two references in APA format.

Just a couple of reminders or bits of info to keep in mind when doing this week's assignment.

  1. Data classification outlines the protection and requirements of data that are critical to an organization.
  2. The info/assets that are to be protected and the classification that applies to them.
  3. Besides including the access control requirements for the policy, you will want to make sure you include areas like roles and responsibilities, classification levels, compliance, and enforcement in your policy.
  4. Don't forget about the timeframe/timeline as to when your organization's leadership wants to have the policy in place.
  5. The ramifications if an employee doesn't abide by the rules/policy.

A sample outline of the paper could be:




Data Types

Information Classification Levels

Data Access


Information Policy

Student’s Name
Institutional Affiliation



Information security in various organizations matters to a greater extent. The argument
links to the way accountability is facilitated in organizations through information security.
Multiple countries globally utilize information security. This situation calls for the design of the
policy aimed at enabling asset classification and identification policy. Health Insurance
Company (HIC) defines a company that has suffered various intruders' risks through information
leakages. Research on practical information security was conducted through the analysis of
multiple articles. The study enabled the designing of proper techniques available for Health
Insurance Company. The decision to select various ideas concerning information security comes
after a thorough evaluation to establish the most suitable Health Insurance Company.

The purpose of HIC’s asset classification and identification policy is to ensure crucial
information gets secured from wrong access. Also, the policy intends to facilitate more
compliance among various employees in the company. The compliance gets boosted by setting
multiple regulations that control the employees' behavior concerning information confidentiality.
The policy aims to create more awareness of the information that numerous em...

