6.5. Classifying Information

Information classification is a key aspect of a secure network. Again, the process of developing a classification scheme is both a technical and a human issue. The technologies you use must be able to support your organization's privacy requirements. People and processes must be in place and working effectively to prevent unauthorized disclosure of sensitive information.

If you think about all the information your organization keeps, you'll probably find that it breaks down into three primary categories: public use, internal use, and restricted use. Figure 6.10 shows the typical ratios of how this information is broken down. Notice that 80 percent of the information in your organization is primarily for internal ...

Get CompTIA Security+™: Study Guide, Fourth Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.