Information Classification in BioMed Company - Case Study Example

Information Classification Name Institution Table of Contents Introduction 2 Executive Summary The report is the protection of information from BioMed Company with the help of software such as Global System for Mobile Communications (GSM). With the help of other parties such VPN that will keep all the emails pertaining to the phone of the CEO the company’s computers. The CEO will promote the proper management of the company. The GSM will be in use to protect information using second generation (2G) principles derived from the first one (1G). The GSM deals with cellular phones in terms of operation of networks. The standard is now the world’s standard now. The creation of the standard by The European Telecommunication body (EITD) is impressive. The study came out with several ways of protecting data (information) through methods like the use of safety containers, computers with passwords, and limited access. Not all people should have access to certain information, as they would spread the information unnecessarily. The report ended with a three-week plan to achieve the duty of having an Information plan to protect information. Information Classification Introduction Over the years, companies have put up efforts to improve the technology concerning the protection of certain information. The result has shown benefits in the sense that competitors will not know the next move of a company. The company has enough time to invent the new technology. BioMed Company specializes in the production and supply of human implantable tools and materials. When it comes to BioMed Company, there is no difference as the primary objective of the company is to keep ahead of others in the industry of supplying and making human implantable tools. These specified tools that come out the required and desired human implantable materials. For example, to keep ahead in the line of business then BioMed will implore the recent technology. The system uses GSM and materials for humans. The issues are to make the brain – phone materials that allow a patient who cannot speak well to do so. All workers in BioMed will be in positions to attend sessions that talk about the need for having inside issues remain inside and not to go outside, as is the case of some companies. The Information Security Manager will endeavor that all members of the group learn how to protect vital information in the right place. There will be penalties for people who misbehave and want to give way information to the third party and competitors for the sake of money (Hovenga 2010). Data Protection Certain information needs protection to avoid plagiarism. When data copied from one company to another exists, there is a problem. The result of letting out some information will show the company’s weaknesses are in a state of others knowing about them. Once other companies get t understand the cutting edge of the business, the company loses ground in controlling the market. Not all people should know everything. Some people should not individual pieces of information, as they may not do the right thing. The wrong thing could be selling out the company to its competitors. The habit is a human weakness that some people cannot overcome (Information Resources Management Association & Khosrow-Pour 2001). Information Safety Tools These safety tools help in keeping of data way from the public to avoid the harmful spread of information that could hurt not only the feeling of people but also promote growing disbelief in the company. The doubt leads to financial drop down in which the sales of the human implantable parts for speech and hearing will be on the decline. The decline will lead to fewer sales and, in the end, less money generated. These tools are safety saves to mention a few. Stated Policies Several roles will be in position for implementation. For example, VPN will strictly deal with the safety of all email that pertains to the CEO’s phone with the aim of shielding the company from intruders and hackers. The Information Security Manager will be in the position to organize work schedules that concern the protection of work. The aim gets the best of the system. The manager will go ahead to investigate any problems associated with failure of the system. In so doing, he will regularly maintain them (Black et al. 2001). All made tests and checks are in line with stated procedures of the company in the event that relevant information is out in the public. There is a team of experts from VPN and the company. The representatives of the company are the CEO, and the Information security manager who wills both be in a position to understand the nest calculated move to avoid the future exposure of information. Bothe representative for VPN and the company will make a report make the next move in the aftermath of information leaking to the public. The procedures in the aftermath of such an event would involve, analyzing the length of the damage to all concerned parties and followed by compensation of all damaged parties. It will not be a right move to deny the information in the media, but a lawyer would work in case some people want to exploit the event for their gain (Norman 2007). Classification The classification of information takes on different shapes and methods. However, classification is both Objective and Subjective. Individual classification takes into account the owners desire and feeling in the process. On the hand, Objective classification considers the drafted policies that run the operation and classification of the company. Several ways to discipline culprits who do not respect information are 1. Okay people in terms of cash and property. 2. Strip off titles and privileges. 3. Putt the culprit in a lower position Several documents that need protection are; 1. The company’s financial secrets and pin numbers in the bank. The importance is to protect such information to avoid unlawful withdrawal of money. 2. The tactful skills help in the provision of the new technology of GSM. 3. The next strategic moves of the company in as far as improving sales of the human implantable matters 4. The SWOT analysis of the company: The importance of shielding the company’s ideas from competitors helps it to keep ahead of them as the others do not know the next new innovative solution for the company. 5. All government and partner transactions kept away from public to avoid any suspicious rumors from the public concerning the operation of the business matter. 6. There are top company secrets. These secrets need protection especially if they deal with the technology the help to keep BioMed ahead in the business of dealing and selling human implantable tools. 7. The company’s ten-year strategic plan in term of achieving its goals and meeting the stated targets 8. There are customers who pledge to the company’s existence, but they would not want mention of their names into the public for recognition. These kinds of people prefer to remain in known. The company would want to leave it at that and not get a problem with these customers. 9. All transaction done on the banks as the records remain in the bank and company’s records. 10. The mistakes and conflicts that the company may have been in the past but had a solution. These could be inside wrangles. Having the disputes spread into the public will reflect the type of company customers would not want to see. The information of a company that needs other people in the public to know include; 1. The audits of the company help to show the financial standing for the given year. The reviews will reflect the general performance of the company. The company will encourage several people to support it given that the reviews are useful. 2. The total number and kind of activities and schedules are on display to guide other new people in the area the operations that go on. These new people can understand what needs to follow other activities in a quick way. 3. The start date of the company and the date of establishment of the company with the pioneers and founding members of the company. The information is vital in order to remind the members of the compound where they originate. 4. The vision of the company clearly shows what it is all about. Other companies go ahead and mention the principles that guide the operation of the company. 5. The procedure for solving problems in the face of seemingly hard challenges that other companies would find impossible to overcome. 6. The best deals that the company has had over the years. Several steps should have priority in the implementation of a plan supposed to guide the formation of a classified document. The nine steps are as follows: 1. The worth of the Business Base needs to be understandable. 2. Risks of the information going into the public need careful handling because if they are not, a problem arises. The risks of having untrustworthy members of the company need a solution like telling workers the importance of valuing principles. One of the principles of the company is solidarity. The meaning of this is that not all information should go into the public more so if it is going to lead harm in the near future. 3. Certain questions like who should get certain types of information needs critical handling. 4. The data at stake will determine the exact value present in it. The position of the value will help to suggest what kind of information is at stake. Next is to get the correct method of protecting the data. The worth of the information needs grouping in which case one need to know important and the least important information. The data will be in the most wanted value will need careful handling. The processing of such information will be in good faith. The manager handling the safety of the documents will have the required experience. 5. The data has an attached procedure of protection dependent on values. Different way help get to the intended result. Take into consideration the security manager using computers having passwords. The particular file will need a password that only authorizes people to access the information. The security department can use data that will have significant information. These documents have the best storage. There are areas having certain data. For example in the place the of the Information security manager, a laptop will exist into which the information can have a place of safety. 6. The secured data need a cautious review. In the review, the information will have a substantial assessment on issues concerning the facts for the classification. The report will state the conditions under which the given information went through classification. In daily situations, the report provides the ways used in the process used for of the material. Several others state the time for which a material remains classified. The rating time depends on a number of issues. Several of these aspects are the quality time of the record and need. Detailed data assists to prevent the release of relevant data at a risky period (American Society of Insurance Management & Risk and Insurance Management Society 1969). 7. A meeting would help the workers of the company to understand the documents have distinguished between them. The workers will know that it is the duty to promote the information in the classified documents has the amount of protection from all types of intruders. More so, the information will undergo transfer to particular places of safety where only sure people get access to them. Specific policies will surface in line with the safety of the information. The Security Information Manager will give a different worker of BioMed Company. 8. There are policies that show there are particular ways of concerning the protection of information. 9. There should be new rules placed to guide all members of BioMed on how to handle work in order to avoid Hardware classification There are documents that need safety in terms of files. The documents that need protection such as information concerning the new technology will require security places such as files and computers. The information is in the computer will be safe and not destroyed. There are documents that in ink and others typed. Ownership of Information Several people write and edit information. The way they do work is in their hands basing ton the fact only them alone know the importance of the information. The security manager for Information should ask all writers the importance of the work they do and come up with the best way of ensuring that their work has protection. After knowing and understanding the kind of work that these several editors have, the manager will make an informed decision on which documents are excellent for classification (Bidgoli 2006). However, the workers should explain in detail the value of the information to the manager. The manager in return tells the CEO, which information has undergone classification. The view of the CEO would make a clear picture of the best choice of the safety of the information. Protection of Documents Several reasons exist as to why data needs protection while others do not. The truth is that not everyone should know all information. There is the situation in which the company will not be in a good shape financially. During these times, it is only fair that not all people know about the status of the company. The truth is that should all people know about the dangerous situation, they will be scared and lose focus. It is imperative that one should keep away such vital information from the public (Ruan 2013). The result is that not all people know about the situation, and there is much concentration on work. It helps to shield certain kinds of information from people to avoid them from losing focus. Documents have protection because if information goes out of hand, then competitors will take advantage of the situation. In this case, the Information Manager should avoid information concerning the new technology about GSM from going to the third party. There will be a consideration of not allowing information into the public. BioMed is on the verge of losing of losing the contract of handling the provision of brain and phone material (Brown & Brown 2011). Loss of Data As people work in the company, there are high possibilities that data may vanish. The Information security manager should develop ways to arrest any future occurrences. These events lead to financial debts in the end. Some of the ways that the manager will use are setting up a separate account for backup and a continuous assessment of all data in the company. In the assessment of the data, all systems need updating to get the status of required work. The manager will put up a separate team to save classified information in a different place like a computer. There are circumstances in which hackers or intruder use viruses to destroy the database of the company. The manager should react before such people come into play. The manager will have to ensure that the company’s software is up to date and protected against viruses. System Protection Several software packages help in the protection of information. For example, Excel sheets having classified information can have passwords. For example, the Security Information Manager will tell all workers working to remember to put passwords on their clothes to avoid unnecessary exposure. The same procedure works for all micro soft documents such as word, and office documents. The use of these passwords should be such that no one can discover the passwords. The Information Security Manager should develop a mechanism to block the unlocking of the password. Work Schedule (Plan) The work plan has three months for implementation. The starting point is to identify the information that needs protection followed by selecting the best way of protection. The information has to undergo evaluation in order to determine the level of importance of the document. The level of importance of the material will determine the method of protection. After the information is safe, a review follows. The review will check if the method of keeping the information is okay while stating the reasons for classifying the document. Table 1: Three-Week work Schedule No. Week Duties Sub duties 1. 1 Collection of Data 1. Look for information that needs protection from all departments. 2.Put all the information into the section that show the weight. This section is First, Second, and Third Classes. In the each group, there are crucial documents with valuable information. The second class has intermediate information. Last class needs no information for classification. The data could as well be unclassified. 2. 2 Critical examination 1. Each of the classes undergoes criticism and checks for the in-depth quality and quantity in them. 2. Providing evidence as to why the information should undergo testing. 3. Pick the data and arrange it in order from the most to the least part of the information. 3. 3 Classifying data 1. Consider all the policies on classifying information. 2. Pick members that should know the information about work. 3. Determine the classification time that is the time for the given document needs protection. Some reports have extended protection time while others go for months or weeks. The time for handling particular government and company specifications occurs. 4. Introduce measure for penalties for intruders. 5. Preparing safety containers or boxes into which the classified data will exist for the state time. 6. Calculate the associated risks that pertain to securing information. 7. Put all the information into the required places of safety and confirm they are safe. 8. Introduce all the procedures that mattered in making of a system of securing information. 9. All members of the company should know how to protect classified information Reference American Society of Insurance Management., & Risk and Insurance Management Society. (1969). Risk management. New York, N.Y: American Society of Insurance Management. Brown, S. A., & Brown, M. (2011). Ethical issues and security monitoring trends in global healthcare: Technological advancements. Hershey, PA: Medical Information Science Reference. Bidgoli, H. (2006). Handbook of Information Security Volume 3. Hoboken: John Wiley & Sons. Black, C., Beken, T. ., Belgium., & Rijksuniversiteit te Gent. (2001). Reporting on organised crime: A shift from description to explanation in the Belgian annual report on organised crime. Antwerpen: Maklu. Dhillon, G., & Ebrary, Inc. (2001). Information security management: Global challenges in the new millennium. Hershey, Pa: Idea Group. Gifford, N. (2009). Information security: Managing the legal risks. Sydney: CCH Australia Limited. Hovenga, E. J. S. (2010). Health informatics: An overview. Amsterdam: IOS Press. Information Resources Management Association., & Khosrow-Pour, M. (2001). Managing information technology in a global environment. Hershey, PA: Idea Group Publishing. Norman, T. L. (2007). Integrated security systems design: Concepts, specifications, and implementation. Amsterdam: Elsevier Butterworth-Heinemann. Ruan, K. (2013). Cybercrime and cloud forensics: Applications for investigation processes. Hershey, PA: Information Science Reference. Read More