Beruflich Dokumente
Kultur Dokumente
Document Reference
Item Description Document Title Department Reference ID Version No Status File Name Type Revision Date Publish Date DOC Dd/mm/yyyy Dd/mm/yyyy Asset Classification, Protection, Labeling & Handling Scheme Xxxxxxxxxxxx Xxxxxxxxxxx 1.0 DRAFT
Functional Section, Department Xxxxxxxx Functional Section, Department Xxxxxxxx Functional Section, Department Xxxxxxxx
Control Page
Date
Changed By
Xxx
Brief Explanation
Dd/mm/yyyy xxx
Table of Contents
1 Asset Classification Scheme.............................................................................................................5 1.1 Asset Classification Criteria........................................................................................................5 1.1.1 Confidentiality Criteria..........................................................................................................5 1.1.2 Integrity Criteria....................................................................................................................7 1.1.3 Availability Criteria...............................................................................................................7 2 Asset Protection Scheme..................................................................................................................8 3 Asset Labeling and Handling Matrix..................................................................................................8
Low Internal
Medium Departmental
High Confidential
Very High
Highly Confidential
documentation or bulletins etc. Internal Information (Individual departments) Such information is the property of Egypt Trust has the sole right over this information (exception: subjects of the information in most cases will also have rights to the information, such as a plan member having access rights to their contract). This form of information must be used within ET and not shared with third parties. Such information must be restricted to departmental personnel only. Examples include departmental memos, work programs, schedules, departmental plans etc Confidential Information Confidential information is a sensitive form of information. This information is distributed on a Need to Know basis only. Examples include employee personal information, business plans, unpublished financial statements, etc. Highly Confidential Information Highly confidential information is the most sensitive form of information. It is so sensitive that disclosure or usage would have a definite impact on ETs business and future and/or national security of Egypt. Extremely restrictive controls need to be applied (e.g., very limited audience). Examples include strategic plans, investment decisions etc.
Medium
High
Very High
Low
Sensitive
Medium
Status: Draft Ref: Func-Type-Dept-xxxx
Vital
High
Critical
Very High
Highly Critical
can be replaced by manual processes - but only for a brief period of time. There is a higher tolerance to interruption than with critical and highly critical systems and therefore somewhat lower costs of interruption provided that functions are restored within a certain timeframe. (usually 5 days or less) Unavailability of the asset will affect individual operations and services. These assets cannot be operated unless they are replaced by identical or similar capabilities. Critical assets cannot be replaced by manual methods. Tolerance to interruption is low; therefore cost to interruption is high Unavailability of the asset for any time frame will significantly affect multiple operations and services. These assets cannot be operated unless they are replaced by identical capabilities. Highly critical assets cannot be replaced by manual methods. Tolerance to interruption is very low; therefore cost to interruption is very high.
Storage on fixed media Storage on exchangeable media Copying Faxing Sending by public network (e.g. Internet) Disposal Release to third parties Electronic media labeling required Hardcopy labelling required Internal and external packaging Granting access rights Tracking process by log
Confidential
Departmental Physical Access Control Physical Access Control Permission of owner required Permission of owner required Encryption Optional
Public Clear Clear No restriction No restriction Clear Normal disposal Not required
Physical Access Control Encrypted Physical Access Control Permission of Permission of owner required owner required Permission of Permission of owner required owner required Encrypted Encrypted Secure disposal Owner approval (NDA) External labeling Each page Secure disposal Owner approval (NDA) External labeling Each page
Secure Normal disposal disposal Owner Owner approval approval (NDA) (NDA) No label No required required
label Date of release to public and classification No label Date of required release to public and classification Single Single Single envelope with envelope with envelope no marking no marking with no marking Departmental Departmental No Manager Manager restrictions Not required Not required Not required