Educause Security Discussion mailing list archives
Re: Data Classification: Legal criteria
From: Ced Bennett <ced.bennett () STANFORD EDU>
Date: Wed, 19 Mar 2008 10:00:48 -0700
Brian - You'll find some useful guidance in the Risk Assessment Framework on the EDUCAUSE wiki. Look at the two steps of Phase 0, Process 1 to find a very simple, straightforward approach to this. Also note a reference to an example of what the outcome might look like for a typical institution. The URL for the framework is https://wiki.internet2.edu/confluence/display/secguide/Risk+Assessment+Frame work. Scroll down to Phase 0 and you'll see the links to the two steps and the example. Ced Bennett ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Cedric Bennett Ph: 650 858-0883 Cell: 650 619-0145 Emeritus Director, Information Security Services Stanford University Ced.Bennett () Stanford edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Basgen, Brian Sent: Tuesday, March 18, 2008 11:04 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Data Classification: Legal criteria We are in the process of developing a data classification policy with three types: public, internal, and confidential. The criteria or logic behind classifying confidential data is fairly easy: FERPA, GLBA, PCI, etc, requires the confidentiality of certain data types. Yet, I am not clear on the best external criteria to use for classification of internal data. Peer institutions, "best practices" is one thought, but I'm wondering what other objective criteria people have employed for the justification of making certain kinds of data internal as opposed to public. Let me know, thanks. ~~~~~~~~~~~~~~~~~~ Brian Basgen Information Security Pima Community College
Current thread:
- Re: Data Classification: Legal criteria, (continued)
- Re: Data Classification: Legal criteria Basgen, Brian (Mar 18)
- Re: Data Classification: Legal criteria Doug Markiewicz (Mar 18)
- Re: Data Classification: Legal criteria Bill Badertscher (Mar 18)
- Re: Data Classification: Legal criteria David Kovarik (Mar 18)
- Re: Data Classification: Legal criteria Basgen, Brian (Mar 18)
- Re: Data Classification: Legal criteria Sherry, Cathy (Mar 18)
- Re: Data Classification: Legal criteria Brad Judy (Mar 18)
- Re: Data Classification: Legal criteria Gary Dobbins (Mar 18)
- Re: Data Classification: Legal criteria Ozzie Paez (Mar 18)
- Re: Data Classification: Legal criteria Valdis Kletnieks (Mar 18)
- Re: Data Classification: Legal criteria Ced Bennett (Mar 19)