Define the Firewall Design Policy
A lower-level policy that describes how the firewall will handle prevention of access and filtering of services as defined in the above network service access policy.
Classification of data is an important requirement of the company's security policy. The company should define various types of information used within the company and the relative value associated with it. The low value information would consist of general product information, specifications, turn over, etc. That may be placed on a web server, whereas high value information would consist of information specific to new product designs, tender quotes, investments, plans and other commercially sensitive information.