![]() ![]() Table 3.4 COMMERCIAL DATA CLASSIFICATIONS FROM HIGHEST TO LOWESTĭata that is to have the most limited access and requires a high degree of integrity. Table 3.4 contains a typical list of classifications that can beused for commercial organizations, from highest to lowest. For others, a higher granularity mightbe necessary. Some organizations use two types ofclassification: confidential and public. There is no formula in creating the classification systemthe systemused is dependent on the data. Additionally, anongovernment organization might consider the integrity and availability of thedata in its classification model. The classification used is dependent on the overall sensitivity ofthe data and the levels of confidentiality desired. Commercial ClassificationĬlassification of commercial or nongovernment organizations does not have aset standard. Informationdata, such as those used for marketing, would be classified at a lower risk.Data classified at a higher risk can create security and access requirementsthat do not exist for lower risks, which might not require much protectionaltogether. After data is classified, a risk analysis can be used to set themost cost-effective ways of protecting that data from various attacks.Ĭlassifying data is supposed to tell you how the data is to be protected.More sensitive data, such as human resources or customer information, can beclassified in a way that shows that disclosure has a higher risk. Part ofsetting the level of risk associated with data is placing it in aclassification. When we talk about risk analysis and management, we talkabout the most cost-effective way of protecting the information asset. ![]() Throughout this chapter, we have discussed various aspects of protectinginformation assets. Understand the considerations and criteria for classifying data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |