solved In the assignments for this course you will develop parts

In the assignments for this course you will develop parts of a corporate security policy for a hypothetical health insurance company (imaginatively named HIC, Inc.). Each week, you will be asked to write one part of the policy framework document set. The framework we will use in this course is a version of that described in “ META Security Group Information Security Policy Framework.” The framework consists of a Security Program Charter, several policy areas, and associated standards
In this assignment, you are to write an asset identification and classification policy for HIC, Inc., including an information classification standard that identifies:

the information to be protected
the security labels that will be applied to that information.

Be sure to account for PHI, as well as corporate data and any other classes of data that you identify. Indicate whether the classification policy is a mandatory policy, discretionary policy, or if it is a combination of both. Is your system based on a formal model? If so, indicate which, and why you chose that model.
Remember that classification categories only make sense in terms of an access control policy. An access control policy identifies what is protected, but also who has access, what kind of access they have, and penalties for non-compliance.
For each classification that you identify, include the following information:

Who will be authorized to access the data in each of the classifications?
Is there some kind of clearance involved, or “need-to-know”?
What is the responsibility of authorized users with respect to the data they access?
Can authorized users do what they want with the data, or are there restrictions, and what are the penalties?

You will need to do some research on this and look at some examples that are currently out there. Your document must provide reasonably clear guidance to employees as to what they are allowed to access and how they should handle the data in order to avoid disciplinary actions.
Your asset identification and classification policy document must be no longer than three pages and include at least two references in APA format.
Just a couple of reminders or bits of info to keep in mind when doing this week’s assignment.

Data classification outlines protection, and requirements of data that are critical to an organization.
The info/assets that are to be protected and the classification that applies to them.
Besides including the Access Control requirements for the policy you will want to make sure you include areas like roles and responsibilities, classification levels, compliance, and enforcement to your policy.
Don’t forget about the timeframe/timeline as to when your organization leadership wants to have the policy in place by
The ramifications as to if an employee doesn’t abide by the rules/policy.

Sample Outline of the paper could be:
Abstract
Purpose
Scope
Data Types
Information Classification Levels
Data Access
Compliance