Data Classification

You must understand the purpose of a data classification scheme, and be familiar with commercial data classification criteria and the government data classification scheme.

Information and data, in all their various forms, are valuable business assets. As with other, more tangible assets, the information’s value determines the level of protection required by the organization. Applying a single protection standard uniformly across all an organization’s assets is neither practical nor desirable.

A data classification scheme helps an organization assign a value to its information assets based on its sensitivity to loss or disclosure, as well as determine the appropriate level of protection. Additionally, data classification schemes may be required for regulatory or other legal compliance.

An organization’s employees also need to understand the classification schema being used, how to classify information assets, handling and safeguarding requirements, and proper destruction or disposal procedures.

Commercial data classification

Commercial data classification schemes are typically implemented to protect information that has a monetary value, to comply with applicable laws and protect privacy, and to limit liability. Criteria by which commercial data is classified include

check.png Value: The most common classification criterion in commercial organizations. It’s based on monetary ...

Get CISSP For Dummies, 4th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.