Information Security involves more than hardening your perimeter defenses. The core of your organization is your data – your crown jewels. In order to truly understand the heart of what you are protecting, your data can be “classified.” Peters & Associates can assist you through the process by performing a data classification workshop. During the workshop, you will identify data types, evaluate their storage, sensitivity, access controls and protection.
Step 1. Inventory (know what you have)
Step 2. Categorize (know your sensitivity)
Step 3. Control (implement safeguards)
As related to Information Security, data classification involves classifying data based on sensitivity. The data can be put in groups. Common classifications are confidential, private, sensitive and public. In addition to the obvious bank information, litigation data or medical records, data classification may also apply to the secret sauce of your organizational process. Each organization is different–therefore you will have your own requirements.
Government, Financial and Business classifications may not be the same. However, they share the same security objectives:
Additionally, the assignment of impact for each objective is required:
- Low (limited adverse effect on the organization)
- High (severe or catastrophic adverse effect could mean the loss of confidentiality, integrity or availability that result in the inability of the core business functions, major financial loss or individual harm)
You, of course, would likely love to protect everything with the same level of security. But the time and effort to do that is not realistic. This pragmatic approach enables you to protect what is most critical to your business.
Peters & Associates understands the process can seem overwhelming. We have a dedicated team of consultants and Information Security practitioners that can assist you with putting together a plan to classify and protect your crown jewels. Contact us at email@example.com to learn more – we are happy to help!