Educause Security Discussion mailing list archives
Re: data classification
From: "Bruhn, Mark S." <mbruhn () INDIANA EDU>
Date: Wed, 28 May 2003 08:12:07 -0500
IU's data access and classification policy is at http://datamgmt.iu.edu/. Essentially, we have the same three classifications: restricted (by legal or ethical reasons, accessible by only employees whose job requires access), University internal (accessible by any employee), and public. Similar to Georgetown, a Committee of Data Stewards is operationally responsible for this policy and enforcement. We have a higher level committee as well, Committee on Institutional Data, which discusses overall institutional philosophies related to data. The key is that functional offices are responsible for data policy, and the IT people work with them to decide (and at times strongly suggest :) necessary protections. M. -- Mark S. Bruhn, CISSP Chief IT Security and Policy Officer Interim Director, Research and Educational Networking Information Sharing and Analysis Center (ren-isac () iu edu) Office of the Vice President for Information Technology and CIO Indiana University 812-855-0326 Incidents involving IU IT resources: it-incident () iu edu Complaints/kudos about OVPIT/UITS services: itombuds () iu edu -----Original Message----- From: Brian Reilly [mailto:reillyb () GEORGETOWN EDU] Sent: Tuesday, May 27, 2003 12:02 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] data classification On Tue, 27 May 2003, Ted Frohling wrote: [...]
What are other campuses doing in the area of data classification in
light
of the educational function being a public institution, etc.
Ted, We address this in our Information Security Policy (http://www.georgetown.edu/policy/technology/security.htm). Information is classified into one of three categories: Confidential, Internal-Use-Only, and Unrestricted. Data stewards (e.g. University Registrar, University Librarians, etc.) have the primary responsibility of classifying their information and assigning authorizations. --Brian ______________________________________________ Brian Reilly, CISSP University Network Security Officer Georgetown University, UIS <reillyb () georgetown edu> +1 202.687.2775 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.
Current thread:
- data classification Ted Frohling (May 27)
- <Possible follow-ups>
- Re: data classification Jim Moore (May 27)
- Re: data classification Brian Reilly (May 27)
- Re: data classification Bruhn, Mark S. (May 28)
- Re: data classification Ted Frohling (May 28)
- Re: data classification Ted Frohling (May 28)
- Re: data classification Ted Frohling (May 28)