Educause Security Discussion mailing list archives
Re: Data Classification and Storage Environments
From: "SCHALIP, MICHAEL" <mschalip () CNM EDU>
Date: Mon, 6 Feb 2012 12:51:42 -0700
Sorry.....but, to me that sounds like too much of a shotgun approach. I'd be hard pressed to equate the lunch menu from the cafeteria to someone's social security number on a form. I've always felt that there has to be some varying levels of protection, but mixed in with some sense of reality and commonsense.....protecting data usually comes back to having a clear definition of your protections required on specific data classifications - and making sure that the users are clear on what those definitions mean to them and their business unit - and then giving them the technological means of meeting your policy requirements.... Protect the SSN.....don't worry about the lunch menu.....;-) Just my $.02..... M From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Robert Meyers Sent: Monday, February 06, 2012 12:39 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Data Classification and Storage Environments I've heard the argument two ways: 1) Attempting to secure ALL data at the same high level is futile, and 2) Applying different levels of security to different data classifications leaves high security data open to disclosure if incorrectly classified, or provides an unexpected back door to climb upwards in the system. In my personal opinion, lock it all down at the highest security level and sleep better at night. Bob Robert E. Meyers, Ms.Ed. Educational Program Manager Office of Information Security West Virginia University office: (304) 293-8502 remeyers () mail wvu edu<mailto:remeyers () mail wvu edu>
On Monday, February 06, 2012 at 2:15 PM, "McLaughlin, Bryan S." <bmclaughlin () CREIGHTON EDU<mailto:bmclaughlin () CREIGHTON EDU>> wrote:
We have a single SAN environment where all data is co-mingled. I am wondering how many other Universities have taken steps to separate their data logically or physically so addition security can be added to data with higher sensitivity ratings? I would be interested in learning what others have implemented to apply appropriate data handling procedures to their data at rest. Thanks, Bryan McLaughlin Information Security Officer Creighton University bmclaughlin () creighton edu<mailto:bmclaughlin () creighton edu> Security Tip: No matter how authentic the request appears, if you are asked in an email or via the phone to provide your password - it is a SCAM. -- This message has been scanned for viruses and dangerous content by MailScanner<http://www.mailscanner.info/>, and is believed to be clean. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Current thread:
- Data Classification and Storage Environments McLaughlin, Bryan S. (Feb 06)
- Re: Data Classification and Storage Environments Robert Meyers (Feb 06)
- Re: Data Classification and Storage Environments SCHALIP, MICHAEL (Feb 06)
- Re: Data Classification and Storage Environments Robert Meyers (Feb 06)