Data classification categories and handling standards are necessary to properly protect information. Email is a good example of an information system that processes, stores, and transmits many types of information.
Develop a three-level classification system for your email communications. Consider the type of emails you send and receive. Take into consideration who should be able to view, save, print, or forward your email. For each classification, decide how you will label your emails to communicate the assigned classification. For each classification, develop handling standards.
Multiple information systems are used to process, transmit, store, and back up email. Identify as many systems as possible involved in each step. For each system identified, document the person or position you would expect to be the information system owner. Is it necessary to provide them with a copy of your classification system or handling standards? Why, or why not?
Sometimes information system owners have different priorities. For example, your Internet service provider (ISP) by law has the right to view/open all documents that are stored on or passed through its systems. The ISP may choose to exercise this right by scanning for viruses or checking for illegal content. Suppose you have sent emails that could cause harm if they were disclosed or compromised. As the information owner, what are your options?
Sample Solution
