6.5. Classifying Information

Information classification is a key aspect of a secure network. Again, the process of developing a classification scheme is both a technical and a human issue. The technologies you use must be able to support your organization's privacy requirements. People and processes must be in place and working effectively to prevent unauthorized disclosure of sensitive information.

If you think about all the information your organization keeps, you'll probably find that it breaks down into three primary categories: public use, internal use, and restricted use. Figure 6.10 shows the typical ratios of how this information is broken down. Notice that 80 percent of the information in your organization is primarily for internal ...

Get CompTIA Security+™: Study Guide, Fourth Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.