ISS Data Classification Standards: Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly. Information Security Governance or ISG is a subset discipline of Corporate Governance focused on information Security systems and their performance and risk management. A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. There are three types of policies; regulatory, advisory, and informative. There are also three types of security policies; organizational, issue specific and system specific. Standards refer to mandatory activities, actions, rules, or regulations. Also standards can give a policy its support and reinforcement in direction. Standards could be internal, or externally mandated as well. Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal such as procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, etc… Procedures are considered the lowest level in the policy chain because they are closest to the computers and users If a policy states that all individuals who access confidential information must be properly authenticated, the supporting procedures will explain the steps for this to happen by defining the access criteria for authorization, how access control mechanisms are implemented and configured, and how access activities are audited as well.

IT Infrastructure: IT infrastructure consists of the equipment, systems, software, and