Educause Security Discussion mailing list archives
Re: Data Classification
From: WALTER KERNER <Walter_kerner () FITNYC EDU>
Date: Tue, 3 Sep 2019 10:54:07 -0400
We’re about 10,000 FTE, part of a state system. For us, Info sec participates in data governance but we are not the overall owners. That role is in the application world since they know more about what data will be used for, which systems are systems of record versus copies or derivatives, etc. Walter Walter Kerner Assistant Vice President and CISO 212 217 3415 [image: blue and black logo two lines png] *From:* The EDUCAUSE Security Community Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Jim A. Bole *Sent:* Tuesday, September 03, 2019 10:40 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Data Classification Some great examples of data classification policies. I’m wondering about the governing body for data classification? Do institutions have a governing body separate from information security? Or does infosec wear both hats, especially at small institutions? Jim Bole Director of Information Security *Stevenson University* 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu | O: 443-334-2696 *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Robert Smith *Sent:* Friday, August 30, 2019 3:41 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: Data Classification Hello, Our Standard and Guide are on-line: https://security.ucop.edu/policies/institutional-information-and-it-resource-classification.html <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsecurity.ucop.edu%2Fpolicies%2Finstitutional-information-and-it-resource-classification.html&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C852a397069d645857a5708d72d81f1e3%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637027908453075915&sdata=eU1wEXNX4R1BrfDLZCTsCeB82UXShf42iBjKif%2BDMyI%3D&reserved=0> *Have a delightful day,* Robert Smith, CISSP, PMP *University of California Office of the President* (510) 587-6244 (o) robert.smith () ucop edu *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Ullman, Catherine *Sent:* Friday, August 30, 2019 12:26 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Data Classification Hi Marty, Here is our data classification policy: http://www.buffalo.edu/administrative-services/policy1/ub-policy-lib/data-risk-classification.html <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.buffalo.edu%2Fadministrative-services%2Fpolicy1%2Fub-policy-lib%2Fdata-risk-classification.html&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C852a397069d645857a5708d72d81f1e3%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637027908453085912&sdata=IO%2BcVCXD530uf4LfXpW01RvZiYrzPZzlfjcMjkCusi8%3D&reserved=0> The chart found here: http://www.buffalo.edu/ubit/information-for-it-staff/information-security/minimum-security-standards.html <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.buffalo.edu%2Fubit%2Finformation-for-it-staff%2Finformation-security%2Fminimum-security-standards.html&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C852a397069d645857a5708d72d81f1e3%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637027908453095909&sdata=yqtjU%2B8UZx0Nh3nPLA4IuT5nwZSoRXYUkNpeAXCC16Q%3D&reserved=0> is meant to help clarify the risks for a variety of risks and provide some guidance on what needs to be done to secure the data. I hope that helps. Best, Cathy Dr. Catherine J Ullman Senior Information Security Analyst Information Security Office University at Buffalo cende () buffalo edu *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Marty Leidner *Sent:* Friday, August 30, 2019 2:50 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Data Classification Good Afternoon We at Rockefeller University are considering how to move forward with the elusive goal/initiative of data classification, and would like to see how others are addressing this. I would greatly appreciate if you could respond to this brief survey. I will be happy to share the results with anyone who is interested: 1. Do you have a data classification policy on your website or intranet? 2. Do you use any tools to enable your user community to classify their data? If so, which ones? These could be enterprise tools, or even basic tools that are built into other applications or platforms (e.g. Office365, Box, etc.) 3. Do you enforce this policy, or in any way require data to be classified? Thanks , and I wish everyone a wonderful labor day, Marty , Thank You, Marty Leidner, CISSP Chief Information Security Officer The Rockefeller University Information Security 212-327-7372 http://it.rockefeller.edu/information-security <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fit.rockefeller.edu%2Finformation-security&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C852a397069d645857a5708d72d81f1e3%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637027908453095909&sdata=%2BvN7G0dYcr0Rs6A9mIpdB4VkT2iMrGB8ymnDsh%2BhtGY%3D&reserved=0> Protector of the cyber realm ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C852a397069d645857a5708d72d81f1e3%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637027908453105902&sdata=oVUgNl9xI4Kh6rbk9fIgDBS%2FdGNm4u9%2B%2FG%2BX9Z1%2BOBI%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C852a397069d645857a5708d72d81f1e3%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637027908453105902&sdata=oVUgNl9xI4Kh6rbk9fIgDBS%2FdGNm4u9%2B%2FG%2BX9Z1%2BOBI%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community <https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fcommunity&data=02%7C01%7Cjbole%40STEVENSON.EDU%7C852a397069d645857a5708d72d81f1e3%7C93599c7168554022bac5141d808346d1%7C0%7C0%7C637027908453115898&sdata=sAIHfXu5gfNrCIqa668Hcz1hSF6gl9H2nM0Msoa7fcQ%3D&reserved=0> ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Data Classification Marty Leidner (Aug 30)
- Re: Data Classification Ullman, Catherine (Aug 30)
- Re: Data Classification Robert Smith (Aug 30)
- Re: Data Classification Jim A. Bole (Sep 03)
- Re: Data Classification Barton, Robert W. (Sep 03)
- Re: Data Classification WALTER KERNER (Sep 03)
- Re: Data Classification Robert Smith (Aug 30)
- Re: Data Classification Ullman, Catherine (Aug 30)
- Re: Data Classification Telfer, Will (Aug 30)
- Re: Data Classification Ken Connelly (Aug 30)
- Re: [External] [SECURITY] Data Classification Gregg, Christopher S. (Sep 03)
- <Possible follow-ups>
- Re: Data Classification Williams, Matthew (wilmh) (Sep 03)
- Re: Data Classification Darren Morris (Sep 03)
- Re: Data Classification Brad Judy (Sep 03)