Educause Security Discussion mailing list archives

Data Classification: Legal criteria

From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Tue, 18 Mar 2008 11:03:52 -0700

 We are in the process of developing a data classification policy with
three types: public, internal, and confidential.

 The criteria or logic behind classifying confidential data is fairly
easy: FERPA, GLBA, PCI, etc, requires the confidentiality of certain
data types. Yet, I am not clear on the best external criteria to use for
classification of internal data. Peer institutions, "best practices" is
one thought, but I'm wondering what other objective criteria people have
employed for the justification of making certain kinds of data internal
as opposed to public. Let me know, thanks.  

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College

Current thread:

Data Classification: Legal criteria Basgen, Brian (Mar 18)
- <Possible follow-ups>
- Re: Data Classification: Legal criteria Chris Gauthier (Mar 18)
- Re: Data Classification: Legal criteria David Kovarik (Mar 18)
- Re: Data Classification: Legal criteria Basgen, Brian (Mar 18)
- Re: Data Classification: Legal criteria Doug Markiewicz (Mar 18)
- Re: Data Classification: Legal criteria Bill Badertscher (Mar 18)
- Re: Data Classification: Legal criteria David Kovarik (Mar 18)
- Re: Data Classification: Legal criteria Basgen, Brian (Mar 18)
- Re: Data Classification: Legal criteria Sherry, Cathy (Mar 18)
- Re: Data Classification: Legal criteria Brad Judy (Mar 18)
- Re: Data Classification: Legal criteria Gary Dobbins (Mar 18)

(Thread continues...)