Educause Security Discussion mailing list archives

Re: Data classification and management tools

From: Tim Howard <Timothy_G_Howard () RAYTHEON COM>
Date: Tue, 20 Dec 2005 18:23:14 -0500

Gary,
NIST has published Special Publication 800-60 in two volumes that
classifies government information across various types, most of which
would apply well in the academic arena.  I recommend group members use
this guide, especially for those elements of your organization who receive
federal money in the form of grants and contracts.  I have a spreadsheet
with the info types that I use for a surface view of the categories, and
will send it to anyone who contacts me offline.

Cheers
Tim




Raytheon
Tim Howard
Information Security Manager
Raytheon Information Solutions
301.943.4732 cell;      timothy_g_howard () raytheon com



Gary Dobbins <dobbins () ND EDU>
12/20/2005 02:46 PM
Please respond to
The EDUCAUSE Security Discussion Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>


To
SECURITY () LISTSERV EDUCAUSE EDU
cc

Subject
[SECURITY] Data classification and management tools






Does your campus use any specific tools and services for improving ease
and
accuracy of data stewardship?

If so, please provide your answers to the following questions (esp. number

6) - I'll post aggregated results back to the list if there's interest.

1) Does your campus have a policy which defines classes of data by
ensitivity?

2) Has your classification project completed?

3) Have you defined handling standards?
    (e.g. procedures, retention periods, im/permissible uses)

4) Are these standards defined per classification level, or per datum?

5) How are approved policy variations or alternative procedures tracked?

6a) Do you have an automated facility for conducting this activity?

6b) Manual process?

6c) FTE cost?

7) How do you make these policies/standards known to data users?

8) How do you determine compliance levels?

9) Overall satisfaction with your data stewardship support facility?

10) Things you would do differently if beginning anew?


Thanks for your help with this question.

--

   ------------------------------------------------------------
   Gary Dobbins, CISSP -- Director, Information Security
   University of Notre Dame, Office of Information Technologies

Current thread:

Data classification and management tools Gary Dobbins (Dec 20)
- <Possible follow-ups>
- Re: Data classification and management tools Tim Howard (Dec 20)