Problem: Develop a three-level classification system for your enterprise resource planning (ERP) system by creating a policy that will be added as an addendum to the BCP. Consider the type of access control your users will be using and address the following:
Q1. Explain the meaning of information ownership and how to classify, handle, and label.
Q2. Describe vulnerability mapping, management, and trackability.
Q3. Explain the significance of configuration and Patch management within the policy.
Q4. Take into consideration who should be able to access, alter, save, or print the data. For each classification, decide how you will label your data to communicate the assigned classification.
Q5. Develop handling standards for each classification.