RE: Notebook policy (need advice)

["Pranav Lal" <pranav.lal () gmail com>]

Hi Justin,

<snip This is also something my company is currently looking at. One of the
issues we discussed however was the fact that when you start basing policy on
risk there becomes a "grey" area. For example, we really only care about losing
"sensitive" information, but in our environment, that tends to lead to our users
deciding what is "sensitive", and applying their budget/decision accordingly. By
making a policy/standard across the board, we might be paying extra to encrypt
unsensitive data but avoid something slipping through the cracks. 
PL] this is where an information asset classification comes in handy. You can
mandate that all assets above a certain classification level need to be
encrypted by default which takes the judgement out of the users the main.

Pranav