CHAPTER 67

DEVELOPING CLASSIFICATION POLICIES FOR DATA

Karthik Raman and Kevin Beets

67.1 INTRODUCTION

67.2 WHY DATA CLASSIFICATION IS PERFORMED

67.3 DATA CLASSIFICATION'S ROLE IN INFORMATION SECURITY

67.4 LEGAL REQUIREMENTS, COMPLIANCE STANDARDS, AND DATA CLASSIFICATION

67.4.1 Legal Requirements

67.4.2 Family Educational Rights and Privacy Act

67.4.3 Compliance Standards

67.4.4 Other Standards

67.5 DESIGNING AND IMPLEMENTING DC

67.5.1 Data Classification Solutions

67.5.2 Examples of Data Classification Schemas

67.6 CONCLUDING REMARKS

67.7 NOTES

67.1 INTRODUCTION.

A figure appears from the bushes on a dark and stormy night and silently slips past two guards. Inside the building, a flashlight flickers to life and begins a slow dance around a cluttered office. The beam freezes. It illuminates an envelope that is stamped with large red letters: “TOP SECRET.”

The top secret label is probably the most widely recognized element of a data classification (DC) scheme. DC labels information so that its custodians and users can comply with established data protection policies when organizing, viewing, editing, valuing, protecting, and storing data.

Historically, DC has been used by the government and military. Today, however, it has increasingly become a necessity for businesses because of the competitive value of information, because of the legal requirements for maintenance of sound financial and operational records, and because of the demands of privacy-protection laws.

This ...
