Asset Identification and Classification Policy

Policy Definition
The goal of this organization is to implement the policies necessary to achieve the appropriate level of protection for each enterprise asset.

Standard
The protection of each asset requires the collaboration of every employee. Different resources have a different probability of failure due to vulnerabilities and threats and require annual information security training for each employee.

Procedure
A true security program includes asset identification and classification policies, therefore the identification and categorization, monitoring and management of assets require the creation and implementation of an inventory checklist according to the recommendation scheme contained in the NIST 800-53 Rev. 4 Security and Privacy Controls for Federal Information Technology Systems and Organizations.

Guidelines
Classifying assets based on business needs in the event of a disaster is critical to this organization, so the classification scheme requires approval from the Chief Information Officer and the building security manager. This asset assessment/classification must include the following parameters:
• Identification of the type of assets included (network components, devices (laptops, workstations, servers, routers) and data)
• Classification of each identified asset
• Data classification
  o Based on roles, responsibilities and access privileges
It is imperative to conduct an annual management assessment.

Asset Management and Protection Policy

Policy Definition
Today an organization must take every precaution to manage and protect its assets, including offshore, physical and IT infrastructure assets. The need for resource management and protection is a harsh reality and, by design, not only... middle of paper... the market, will increase profits and comply with both external and internal policies and procedures, including federal laws and regulations.

Before an organization begins to discuss, design, or implement policies, it is critical to clearly understand the hardening and benefits of a layered defense at key points in the network (public and private), on the server, and on the desktop. Policies written by an organization, which include guidelines or mandates from a government body, therefore ensure a multi-layered approach.

Reference
SANS Institute. (2003). Global Information Assurance Certification Document. Retrieved from http://www.giac.org/paper/gsec/3908/layered-security-model-osi-information-security/106272
SANS Institute. (2003). Global Information Assurance Certification Document. Retrieved from http://www.giac.org/paper/gsec/2599/layered-security/104465