Imagine that you are employed by the University of Hertfordshire. Your task is to research and draft an Information Classification and HandlingPolicy along the lines of the ISO27000 family for the university. In particular you may wish to refer to ‘ISO 27001 A.8.2 Information Classification’to ensure that information receives an appropriate level of protection in accordance with its importance to the organisation. You are advised toinclude an appropriate classification scheme and a clear set of policy statements with controls and examples of how the information should behandled. You should also research the General Data Protection Regulation (GDPR) and any other relevant legislation and incorporate this into your policy. You should take into consideration any confidentiality, integrity, and availability (CIA) issues of the information assets for the university and assessall relevant risks. Any work as part of your research on security policies, consideration of issues and risk assessment
Read less