Classifying Data
Understand the considerations and criteria for classifying data.
Throughout this chapter, we have discussed various aspects of protecting information assets. When we talk about risk analysis and management, we talk about the most cost-effective way of protecting the information asset. Part of setting the level of risk associated with data is placing it in a classification. After data is classified, a risk analysis can be used to set the most cost-effective ways of protecting that data from various attacks.
Classifying data is supposed to tell you how the data is to be protected. More sensitive data, such as human resources or customer information, can be classified in a way that shows that disclosure has a higher risk. Information ...
Get CISSP Training Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
