Educause Security Discussion mailing list archives
Re: Information Classification - Benchmark/Wisdom needed
From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Tue, 9 Mar 2004 17:29:33 -0500
Jim, On Tue, 9 Mar 2004, Jim Moore wrote: [snip]
Our admissions/financial aid organization, which deals with a large intake of paper documents, and mails a lot of information (e.g. acceptance, and award letters) basically said that we would be adding a huge burden to them. So the request was to benchmark information classification as it related to admissions/financial aid. 1) Does anyone require classification, and marking of the paper documents?
Our information security policy covers information in any format -- electronic, tape, paper, etc.
2) Anything that you learned in tuning the process?
Create a default classification. It'll make your life and the lives of those that create/handle a lot of information much easier. For us, if a record or piece of information doesn't fall into the description of "confidential" (e.g. student records, HR records, donor records, etc.) or "unrestricted" (e.g. public information) it's automatically classified as "internal-use-only." We still recommend that people explicitly mark their documents, but this way the information is still placed into one of these categories even if they don't. --Brian ______________________________________________ Brian Reilly, CISSP University Network Security Officer Georgetown University, UIS <reillyb () georgetown edu> +1 202.687.2775 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Information Classification - Benchmark/Wisdom needed Jim Moore (Mar 09)
- <Possible follow-ups>
- Re: Information Classification - Benchmark/Wisdom needed Brian Reilly (Mar 09)
- Re: Information Classification - Benchmark/Wisdom needed Jim Moore (Mar 18)