Information Classification

April 27, 2017 isec No Comments

Service overview

Senior management is responsible for protecting information, and therefore must ensure proper definition, communication and compliance with the implemented security measures. Once data is categorized protections may be apply to maintain the CIA values.

The need for classification can also be induced by various contractual obligations. Data Classification may be the easiest way to demonstrate management involvement in their organizations’ security and also can generate benefits in subsequent audits.

Methodology

Our aim is to obtain a comprehensive but yet easy to understand, use and maintain classification scheme. Our basic approach is flexible to any context and situations, but here are the main steps:

Identify all information that needs protection
Select security measures that for the identified information classes
Identify your information classes
Link your protection measures with the identified classes
Classify your information

Deliverable

The deliverable of this service implementation are Asset Inventories, Asset Classification Procedure and Forms, etc.

Previous
Security awareness

Next
Documentation Design and Implementation