DATA CLASSIFICATION
Data classification is broadly defined as the process of organizing data by relevant categories so that it may be used and protected more efficiently. The classification process not only makes data easier to locate and retrieve – data classification is of particular importance when it comes to risk management, compliance, and data security.
Data classification involves tagging data, which makes it easily search able and track able. It also eliminates multiple duplications of data, which can reduce storage and backup costs, as well as speed up the search process.
To be effective, a classification scheme should be simple enough that all employees can execute it properly. Here is an example of what a data classification scheme might look like:
Category 4: Highly sensitive corporate and customer data that if disclosed could put the organization at financial or legal risk
Example: Employee social security numbers, customer credit card numbers
Category 3: Sensitive internal data that if disclosed could negatively affect operations.
Example: Contracts with third-party suppliers, employee reviews
Example: Contracts with third-party suppliers, employee reviews
Category 2: Internal data that is not meant for public disclosure.
Example: Sales contest rules, organizational charts
Category 1: Data that may be freely disclosed with the public.
Advantage of Data Classification
consistent use of data classification will facilitate more efficient business activities, and lower the costs of ensuring adequate information security. By classifying data, the company can prepare generally to identify the risk and impact of an incident based upon what type of data is involved. The classifications as listed (public, internal, confidential) give a basis for determining the impact based upon the level and type of access to data. Together, data classification and level of access drive the business impact which will determine the response, escalation and notifications of incidents.
consistent use of data classification will facilitate more efficient business activities, and lower the costs of ensuring adequate information security. By classifying data, the company can prepare generally to identify the risk and impact of an incident based upon what type of data is involved. The classifications as listed (public, internal, confidential) give a basis for determining the impact based upon the level and type of access to data. Together, data classification and level of access drive the business impact which will determine the response, escalation and notifications of incidents.
Tidak ada komentar:
Posting Komentar