Educause Security Discussion mailing list archives

Re: Information Classification - Benchmark/Wisdom needed

From: Jim Moore <jhmfa () CIS RIT EDU>
Date: Thu, 18 Mar 2004 10:15:21 -0500

Thanks for getting back to me.

I am getting pushback from our Student Health organizations, Registrar,
Admissions, and Financial Aid that "everything is confidential,
appropriately handled, and it rarely leaves our organization"  They
especially don't want to make incoming documents.

Any further wisdom.  When did you implement your classification system?
 How did you approach it, was it the university all at once, or did the
medical school start it, and others follow, so as not to be left out?

Jim

Brian Reilly wrote:

Jim,

On Tue, 9 Mar 2004, Jim Moore wrote:

[snip]

Our admissions/financial aid organization, which deals with a large
intake of paper documents, and mails a lot of information (e.g.
acceptance, and award letters) basically said that we would be adding a
huge burden to them.  So the request was to benchmark information
classification as it related to admissions/financial aid.

1) Does anyone require classification, and marking of the paper documents?



Our information security policy covers information in any format --
electronic, tape, paper, etc.

2) Anything that you learned in tuning the process?



Create a default classification.  It'll make your life and the lives of
those that create/handle a lot of information much easier.  For us, if a
record or piece of information doesn't fall into the description of
"confidential" (e.g. student records, HR records, donor records, etc.) or
"unrestricted" (e.g. public information) it's automatically classified as
"internal-use-only."  We still recommend that people explicitly mark their
documents, but this way the information is still placed into one of these
categories even if they don't.

--Brian

______________________________________________
Brian Reilly, CISSP
University Network Security Officer
Georgetown University, UIS
<reillyb () georgetown edu>
+1 202.687.2775

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.



--
--
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Telephone: (585)475-5406
Fax:       (585)475-7950

PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0DC9 963C D0C0

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Information Classification - Benchmark/Wisdom needed Jim Moore (Mar 09)
- <Possible follow-ups>
- Re: Information Classification - Benchmark/Wisdom needed Brian Reilly (Mar 09)
- Re: Information Classification - Benchmark/Wisdom needed Jim Moore (Mar 18)