Educause Security Discussion mailing list archives

Re: data classification

From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Wed, 28 May 2003 08:12:07 -0500

IU's data access and classification policy is at
http://datamgmt.iu.edu/.

Essentially, we have the same three classifications:  restricted (by
legal or ethical reasons, accessible by only employees whose job
requires access), University internal (accessible by any employee), and
public.  Similar to Georgetown, a Committee of Data Stewards is
operationally responsible for this policy and enforcement.  We have a
higher level committee as well, Committee on Institutional Data, which
discusses overall institutional philosophies related to data.  The key
is that functional offices are responsible for data policy, and the IT
people work with them to decide (and at times strongly suggest :)
necessary protections.

M.

-- 
Mark S. Bruhn, CISSP

Chief IT Security and Policy Officer
Interim Director, Research and Educational Networking Information
Sharing and Analysis Center (ren-isac () iu edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu




-----Original Message-----
From: Brian Reilly [mailto:reillyb () GEORGETOWN EDU] 
Sent: Tuesday, May 27, 2003 12:02 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] data classification


On Tue, 27 May 2003, Ted Frohling wrote:

[...]

What are other campuses doing in the area of data classification in

light

of the educational function being a public institution, etc.


Ted,

We address this in our Information Security Policy
(http://www.georgetown.edu/policy/technology/security.htm).  Information
is classified into one of three categories:  Confidential,
Internal-Use-Only, and Unrestricted.  Data stewards (e.g. University
Registrar, University Librarians, etc.) have the primary responsibility
of
classifying their information and assigning authorizations.

--Brian

______________________________________________
Brian Reilly, CISSP
University Network Security Officer
Georgetown University, UIS
<reillyb () georgetown edu>
+1 202.687.2775

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at
http://www.educause.edu/memdir/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/memdir/cg/.

Current thread:

data classification Ted Frohling (May 27)
- <Possible follow-ups>
- Re: data classification Jim Moore (May 27)
- Re: data classification Brian Reilly (May 27)
- Re: data classification Bruhn, Mark S. (May 28)
- Re: data classification Ted Frohling (May 28)
- Re: data classification Ted Frohling (May 28)
- Re: data classification Ted Frohling (May 28)