Chapter 8

Categorizing Data Sensitivity

Abstract

Data sensitivity starts with confidentiality, integrity, and availability. Are confidential data protected? Are the data provided accurate? Are the data available as needed? A word of warning: don’t overclassify the data. Make a clear and accurate assessment of the data’s sensitive nature. Capital planning and information security go hand in hand: if the data are classified as highly sensitive, the controls to protect them cost more. NIST publications along with FIPS 199 help with the proper classification. Consider confidentiality, integrity, and availability individually and in combination.

Keywords

Availability; Confidentiality; Categorization; Sensitivity; FIPS 199; 1253; SP 800-60; Integrity; OMB 300; Cost ...
