Instructions:
1. Review the information classification standard (Table 1) and the associated job roles list for Acme.
2. In the Information Classification Standard Matrix beginning on page 3, align the information classification standard with appropriate access control based on job roles.
Table 1: Acme Incorporated Information Classification Standard
| Information Classification | Potential Impact | Types of Information |
| Public | · None or limited · Mention in local media · No impact on operations, financial performance, or public image | Published documents, Web pages, newspaper advertisements, non-sensitive, information |
| Internal Use Only | · Limited impact from negative publicity · Slight image or financial harm not prolonged or severe in nature | Internal memorandums of operations, continuing contracts, private customer information, short-term operating results, and strategy |
| Confidential | · More severe than limited · Impact from negative publicity for up to six months · Moderate image or financial harm of less than $5 million over 6 to 12 months | Critical and sensitive operating reports, personnel records, pay records, medical records, severe workforce management information, and periodic financial information reported to the public |
| Restricted | · Severe impairment to public image and financial operations · Impairs customer and public trust · More than $10 million loss in three months · Sustained negative publicity expected for one or more years · Impairs ability to execute operation and strategic initiatives | Strategic plans, communications with the board of directors or with joint venture boards of directors, internal investigations, strategic expansion plans, and associated workforce management |
Acme Incorporated Job Roles
· Chief Executive Officer (CEO)*
· Senior VP of International Acquisitions*
· Executive VP of Marketing*
· VP of Human Resources
· Plant Manager
· Southwest Region General Manager
· Southwest Region Store Manager
· Northwest Region Store Sales Clerk
· Information Security Specialist
· Customer
* Board members
Acme Incorporated Information Classification Standard Matrix
| Document to Classify | Public | Internal Use Only | Confidential | Restricted | Who Should Have Access |
| Monthly terminations and new hires report (company-wide) | |||||
| Contract for long-term lease in Singapore | |||||
| China sales forecast with projected revenue based on three-year expansion plan | |||||
| Northwest Region sales results by product category | |||||
| Community involvement information published on corporate Intranet released by public affairs | |||||
| Northwest Region manpower workforce reduction report | |||||
| Southwest Region weekly store operating results |
| Document to Classify | Public | Internal Use Only | Confidential | Restricted | Who Should Have Access |
| Strategic planning documents for changing core organizational functions | |||||
| Online product catalog | |||||
| Executive reports to the board of directors | |||||
| Internal fraud investigation from Southwest Region involving the Southwest Region General Manager |
