Data Classification Standards
Mandatory access control (MAC) involves assigning each object a specific classification, which often relies on the regulations that apply to the specific type of data. Examples include the protection of personal information, financial information, and health information.
Classifying data is the duty of the data owner, which is the person who owns the data or someone the owner assigns. A similar term, system owner, refers to the person or group that manages the infrastructure. System owners are often in control of change or configuration management, but they are not in control of data classification.
It’s important to understand the difference between clearance and classification. The authorization process grants ...
Get Fundamentals of Information Systems Security, 4th Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
