Senior management is responsible for protecting information, and therefore must ensure proper definition, communication and compliance with the implemented security measures. Once data is categorized protections may be apply to maintain the CIA values.
The need for classification can also be induced by various contractual obligations. Data Classification may be the easiest way to demonstrate management involvement in their organizations’ security and also can generate benefits in subsequent audits.
Our aim is to obtain a comprehensive but yet easy to understand, use and maintain classification scheme. Our basic approach is flexible to any context and situations, but here are the main steps:
The deliverable of this service implementation are Asset Inventories, Asset Classification Procedure and Forms, etc.