Educause Security Discussion mailing list archives

Re: Data Classification Schema

From: Robert Meyers <remeyers () MAIL WVU EDU>
Date: Fri, 30 Dec 2011 10:13:13 -0500

Can I assume that the University of Rochester is governed by New York
FOIA?  How does that affect the classifications Confidential and
Internal Use Only? While we continue to struggle with codification of
data classification, the current suggested structure is Confidential by
Legal Definition, Restricted (but available via WV FOIA procedures), and
Public.  Departmental specific information is still WVU information and
therefore subject to the enterprise classifications. Sub-classifications
by department implies separate laws governing those divisions which is
not the case.  In a public agency it is well argued that only legally
restricted information such as PII is truly confidential.
 
But that's only my opinion. I've been wrong today a dozen times and it
isn't yet lunch time.
 
Bob
 


 
 
Robert E. Meyers,  Ms.Ed.
Educational Program Manager
  Office of Information Security
West Virginia University
office: (304) 293-8502
remeyers () mail wvu edu

On Friday, December 30, 2011 at 8:54 AM, "Myers, Julie"

<julie.myers () ROCHESTER EDU> wrote:


We have a four level data classification structure at the University of
Rochester:  Legally Restricted, Confidential, Internal Use Only, Public.
 
 
I know many university*s have a data classification policy and within
that policy examples are highlighted for the reader.  I was wondering if
anyone has taken their data classification process down to the next
level and created a data map / schema to assist the end users and to try
remove the shades of gray when trying to classify department specific
information ?  We continually are question on *what is confidential* and
are trying to more clearly define this for our end users.  
 
I hope you all have a wonderful New Year !
 
Thank you, 
 
Julie Myers 
Chief Information Security Officer 
University of  Rochester - University IT
julie.myers () rochester edu  
p: 585.273.1804  c: 585.208.0939  
P Think twice before you print
 CONFIDENTIALITY: This email (including any attachments) may contain
confidential, proprietary and privileged information, and unauthorized
disclosure or use is prohibited. If you received this email in error,
please notify the sender and delete this email from your system. Thank
you.

Current thread:

Data Classification Schema Myers, Julie (Dec 30)
- Re: Data Classification Schema Robert Meyers (Dec 30)
- Re: Data Classification Schema Valdis Kletnieks (Dec 30)
- Re: Data Classification Schema Lewis, David (CIO) (Dec 30)