Educause Security Discussion mailing list archives
Re: Data classification and management tools
From: Tim Howard <Timothy_G_Howard () RAYTHEON COM>
Date: Tue, 20 Dec 2005 18:23:14 -0500
Gary, NIST has published Special Publication 800-60 in two volumes that classifies government information across various types, most of which would apply well in the academic arena. I recommend group members use this guide, especially for those elements of your organization who receive federal money in the form of grants and contracts. I have a spreadsheet with the info types that I use for a surface view of the categories, and will send it to anyone who contacts me offline. Cheers Tim Raytheon Tim Howard Information Security Manager Raytheon Information Solutions 301.943.4732 cell; timothy_g_howard () raytheon com Gary Dobbins <dobbins () ND EDU> 12/20/2005 02:46 PM Please respond to The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> To SECURITY () LISTSERV EDUCAUSE EDU cc Subject [SECURITY] Data classification and management tools Does your campus use any specific tools and services for improving ease and accuracy of data stewardship? If so, please provide your answers to the following questions (esp. number 6) - I'll post aggregated results back to the list if there's interest. 1) Does your campus have a policy which defines classes of data by ensitivity? 2) Has your classification project completed? 3) Have you defined handling standards? (e.g. procedures, retention periods, im/permissible uses) 4) Are these standards defined per classification level, or per datum? 5) How are approved policy variations or alternative procedures tracked? 6a) Do you have an automated facility for conducting this activity? 6b) Manual process? 6c) FTE cost? 7) How do you make these policies/standards known to data users? 8) How do you determine compliance levels? 9) Overall satisfaction with your data stewardship support facility? 10) Things you would do differently if beginning anew? Thanks for your help with this question. -- ------------------------------------------------------------ Gary Dobbins, CISSP -- Director, Information Security University of Notre Dame, Office of Information Technologies
Current thread:
- Data classification and management tools Gary Dobbins (Dec 20)
- <Possible follow-ups>
- Re: Data classification and management tools Tim Howard (Dec 20)