Educause Security Discussion mailing list archives
Re: Data Classification: Legal criteria
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 18 Mar 2008 19:21:12 -0400
On Tue, 18 Mar 2008 16:05:59 PDT, Ozzie Paez said:
driving the strictest classifications. Having said that, in this day and age, don't forget to check on data related to sensitive, i.e. highly dangerous, chemicals, lab specimens, etc., which your institution may store or generate through labs on campus. Information on storage locations and inventories may need to be secured as well.
On the flip side - keep in mind that in some cases, such info either has to be or at least should be shared with some groups. For instance, the local fire department would likely want to know if they're about to walk into a hazmat situation when responding to an alarm... In general, make sure that your data classification is along *3* orthogonal dimensions: sensitivity, integrity, and availability. After all, if you're going to through all your data and sticking a "sensitivity" label on it, you may as well assess the integrity and availability requirements as well. You probably have data that is totally anti-sensitive, has fairly high integrity requirements, and insane availability - for example, your phone directory. It's the opposite of sensitive, you can tolerate a *few* errors in it, but if you suddenly lose it, your organization is in trouble. Among other things, evaluating the other two dimensions will come in handy if/when it comes time to review your disaster recovery plans - at that point, you'll be wishing you had a good overview of what the availability requirements for each piece of data is....
Attachment:
_bin
Description:
Current thread:
- Re: Data Classification: Legal criteria, (continued)
- Re: Data Classification: Legal criteria David Kovarik (Mar 18)
- Re: Data Classification: Legal criteria Basgen, Brian (Mar 18)
- Re: Data Classification: Legal criteria Doug Markiewicz (Mar 18)
- Re: Data Classification: Legal criteria Bill Badertscher (Mar 18)
- Re: Data Classification: Legal criteria David Kovarik (Mar 18)
- Re: Data Classification: Legal criteria Basgen, Brian (Mar 18)
- Re: Data Classification: Legal criteria Sherry, Cathy (Mar 18)
- Re: Data Classification: Legal criteria Brad Judy (Mar 18)
- Re: Data Classification: Legal criteria Gary Dobbins (Mar 18)
- Re: Data Classification: Legal criteria Ozzie Paez (Mar 18)
- Re: Data Classification: Legal criteria Valdis Kletnieks (Mar 18)
- Re: Data Classification: Legal criteria Ced Bennett (Mar 19)