Educause Security Discussion mailing list archives
Re: Minimum Control Sets for Data Classifications
From: "Everett, Alex D" <alex.everett () UNC EDU>
Date: Thu, 23 Feb 2012 17:00:51 +0000
Martin: Please see the link below. We have basically two classifications: data that must be protected, and all other data. There are minimum sets of controls for systems on our network. The protected systems have a greater set of controls to meet. http://its.unc.edu/ccm/groups/public/@its/documents/content/ccm1_033440.pdf Sincerely, Alex Everett, CISSP, CCNA University of North Carolina Chapel Hill On Feb 23, 2012, at 11:54 AM, Martin Manjak wrote:
Those of you who have implemented a data or asset classification schema, do you also have minimum control sets (admin, physical, technical) that are tied to each category of data? For example, if the data handled is categorized as "highly sensitive," "confidential," or whatever label you've assigned to the data that presents the highest institutional risk, is there a minimum set of controls that have to be in place in the offices or business/academic units that routinely use this type of information? And if the answer is yes, would mind replying with a reference to those controls? Marty -- Martin Manjak CISSP, GIAC GSEC-G Information Security Officer University at Albany MSC 209 518/437-3813 The University at Albany will never ask you to reveal your password. Please ignore all such requests.
Sincerely, Alex Everett, CISSP, CCNA Information Security Office University of North Carolina at Chapel Hill 919.445.9393
Current thread:
- Minimum Control Sets for Data Classifications Martin Manjak (Feb 23)
- Re: Minimum Control Sets for Data Classifications Everett, Alex D (Feb 23)