Educause Security Discussion mailing list archives

Re: Data Classification of Video

From: Dan Han <s2dhan () VCU EDU>
Date: Wed, 12 Feb 2014 10:11:09 -0500

I completely agree with Bob's assessment here. Audio / video are media
formats used to deliver information. How you classify your information /
data should not be affected by the delivery medium. Therefore if you
classify PII as confidential, then it doesn't matter whether that
information is stored in paper, audio, or other electronic format, or
transmitted over STFP or streaming video, the same protection mechanisms
required for confidential information should apply.

Dan Han
Virginia Commonwealth University

On Wednesday, February 12, 2014, Robert Meyers <REMeyers () mail wvu edu>
wrote:

 If your present policy defines classification according to the
information included in a data file, then you don't have to modify the
policy IMHO. The format of the data should be completely independent of the
decision to classify it. That's especially true if your audio/video
repository is digitized. They are just another block of data files that
fall under your current classification policy. Maybe simply adding a phrase
to the existing policy that says it applies to university content
regardless of storage media type may be necessary.



*Bob Meyers*
WVU Information Security



*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:
SECURITY () LISTSERV EDUCAUSE EDU<javascript:_e(%7B%7D,'cvml','SECURITY () LISTSERV EDUCAUSE EDU');>]
*On Behalf Of *Pardonek, Jim
*Sent:* Tuesday, February 11, 2014 2:01 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU<javascript:_e(%7B%7D,'cvml','SECURITY () LISTSERV EDUCAUSE EDU');>
*Subject:* [SECURITY] Data Classification of Video



I'm looking for some feedback on how other universities may have amended
their data classification policies to include university generated audio
and video content in the context of what types of content would cause a
video to be classified as confidential or protected, or maybe just
sensitive.  We are in the process of replacing our video repository and the
question was brought to me.  Since Information Security owns most of the
policy creation here, I'm struggling with how to word the thing.



Thanks,



*James Pardonek, CISSP, CEH*

*Information Security Officer*


* Loyola University Chicago  1032 W. Sheridan Road | Chicago, IL  60660 *
* (**: (773) 508-6086*



-- 
Dan Han
Virginia Commonwealth University

Sent from my mobile device

Current thread:

Data Classification of Video Pardonek, Jim (Feb 11)
- Re: Data Classification of Video Robert Meyers (Feb 12)
  - Re: Data Classification of Video Dan Han (Feb 12)