O'Reilly logo

CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Data Classification

You must understand the purpose of a data classification scheme, and be familiar with commercial data classification criteria and the government data classification scheme.

Information and data, in all their various forms, are valuable business assets. As with other, more tangible assets, the information’s value determines the level of protection required by the organization. Applying a single protection standard uniformly across all an organization’s assets is neither practical nor desirable.

A data classification scheme helps an organization assign a value to its information assets based on its sensitivity to loss or disclosure, as well as determine the appropriate level of protection. Additionally, data classification schemes may be required for regulatory or other legal compliance.

An organization’s employees also need to understand the classification schema being used, how to classify information assets, handling and safeguarding requirements, and proper destruction or disposal procedures.

Commercial data classification

Commercial data classification schemes are typically implemented to protect information that has a monetary value, to comply with applicable laws and protect privacy, and to limit liability. Criteria by which commercial data is classified include

check.png Value: The most common classification criterion in commercial organizations. It’s based on monetary ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required