Re: Information Classification - Benchmark/Wisdom needed

[Brian Reilly <reillyb () GEORGETOWN EDU>]

Jim,

On Tue, 9 Mar 2004, Jim Moore wrote:

[snip]

> Our admissions/financial aid organization, which deals with a large
> intake of paper documents, and mails a lot of information (e.g.
> acceptance, and award letters) basically said that we would be adding a
> huge burden to them.  So the request was to benchmark information
> classification as it related to admissions/financial aid.
>
> 1) Does anyone require classification, and marking of the paper documents?

Our information security policy covers information in any format --
electronic, tape, paper, etc.

> 2) Anything that you learned in tuning the process?

Create a default classification.  It'll make your life and the lives of
those that create/handle a lot of information much easier.  For us, if a
record or piece of information doesn't fall into the description of
"confidential" (e.g. student records, HR records, donor records, etc.) or
"unrestricted" (e.g. public information) it's automatically classified as
"internal-use-only."  We still recommend that people explicitly mark their
documents, but this way the information is still placed into one of these
categories even if they don't.

--Brian

______________________________________________
Brian Reilly, CISSP
University Network Security Officer
Georgetown University, UIS
<reillyb () georgetown edu>
+1 202.687.2775

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.