Data Security in MIS
Classification is an effective way to protect your valuable data. By identifying the types of data you store and pinpointing where sensitive data resides, you are well positioned to:
1. Prioritize your security measures, adjusting your security controls based on data sensitivity
2. Understand who can access, modify or delete data
3. Assess risks, such as the business impact of a breach, ransomware attack or other threat
Types of Data Classification
1. Content-based classification inspects and interprets files to identify sensitive information.
2. Context-based classification looks at application, location, creator tags and other variables as indirect indicators of sensitive information.
3. User-based classification depends on manual selection of each document by a person.
Examples of Data Classification Categories
Example of a Basic Classification Scheme
The simplest scheme is three-level classification:
1. Public data — Data that can be freely disclosed to the public. Examples include your company contact information and browser cookie policy.
2. Internal data — Data that has low security requirements but is not meant for public disclosure, like marketing research.
3. Restricted data — Highly sensitive internal data. Disclosure could negatively affect operations and put the organization at financial or legal risk. Restricted data requires the highest level of security protection.
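
The following added example (not part of the original post) combines the content-based, context-based and user-based methods listed earlier and maps each file to the three-level scheme above. The patterns, department names, paths and sample files are constructed assumptions for illustration.

```python
import re
LEVELS = ("Public", "Internal", "Restricted")  # lowest to highest sensitivity

def luhn_ok(digits):  # payment-card checksum; filters out random digit runs
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def content_level(text):
    """Content-based: inspect the file body for sensitive patterns."""
    for m in re.finditer(r"\b(?:\d[ -]?){12,18}\d\b", text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            return "Restricted"
    if re.search(r"\b\d{3}-\d{2}-\d{4}\b", text):  # SSN-shaped number
        return "Restricted"
    if re.search(r"(?i)\b(draft|market(ing)? research|internal)\b", text):
        return "Internal"
    return "Public"

def context_level(path, creator_dept):
    """Context-based: location and creator as indirect indicators."""
    if creator_dept in {"hr", "legal", "finance"} or "/payroll/" in path:
        return "Restricted"
    if path.startswith("/public/"):
        return "Public"
    return "Internal"  # unknown location: do not assume public

def classify(path, creator_dept, text, user_label=None):
    """Highest level wins; a user-based label can raise but not lower it."""
    votes = [content_level(text), context_level(path, creator_dept)]
    if user_label in LEVELS:
        votes.append(user_label)
    return max(votes, key=LEVELS.index)

# Constructed sample files: (path, creator department, body, user label)
SAMPLES = [
    ("/public/site/contact.txt", "marketing", "Call our main office.", None),
    ("/public/site/press.txt", "marketing", "Card: 4111 1111 1111 1111", None),
    ("/shares/payroll/2024.csv", "ops", "name,amount", None),
    ("/shares/team/notes.txt", "marketing", "Marketing research draft", "Public"),
]

if __name__ == "__main__":
    for path, dept, body, label in SAMPLES:
        print(f"{classify(path, dept, body, label):<10} {path}")
```

The second sample shows why the methods are combined: its location suggests public data, but content inspection finds a card-shaped number and raises the file to Restricted.
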
Example of a Government Classification Scheme
Government agencies often use three levels of sensitivity but give them different labels than listed above: top secret, secret and public. For more complex data structures, more levels may be added. Here is a five-level strategy with examples:
1. Top secret — Cryptologic and communications intelligence
2. Secret — Select military plans
3. Confidential — Data indicating the strength of ground forces
4. Sensitive unclassified — Data tagged “For Official Use Only”
5. Unclassified — Data that may be publicly released with authorization
Example of Commercial Classification
Typically, organizations that store and process commercial data use four levels to classify data: three confidential levels and one public level. Some expand that to a five-level system with the following levels:
1. Sensitive — Intellectual property, PHI
2. Confidential — Vendor contracts, employee reviews
3. Private — Customer names or images
4. Proprietary — Organizational processes
5. Public — Information that may be disclosed to anyone.