Data Classification Flashcards
Data Categorization
Data owner usually categorizes the data because of SA
An organization can have any number of categories or types of information; these might be clearly defined and reused throughout the organization, or they might be arbitrarily assigned by data owners during the Create phase.
List ways to categorize data?
Regulatory Compliance
Business Function
Functional Unit
By Project
Regulatory Compliance Categories
categories based on which regulations apply to a specific dataset.
Business Function Categories
specific categories for different uses of data. e.g. billing, marketing, or operations.
Functional Unit Category
Categories defined by department or office: each unit owns its own categories and keeps all data it controls within its own category or categories.
By Project Categories
define datasets by the projects they are associated with as a means of creating discrete, compartmentalized projects.
What should be true of the way an organization adopts categorization?
Whatever motif the organization uses, however, should be adopted and enforced uniformly throughout the organization.
Data Labeling
Attaching labels, flags, or tags to data to identify a data element's classification, categorization, sensitivity, location, department, etc.
Data Classification
What is it? Who classifies? How is it classified? When is it Classified?
Classification is the responsibility of the data owner, takes place in the Create phase, and is assigned according to an overall organizational policy based on a specific characteristic of the given dataset.
Affixing security labels to objects in order to allow only people/subjects with the appropriate clearance level to have access to those objects
Classification or Sensitivity labels are applied to objects
Clearances or Privilege labels are applied to people/subjects
Data should be classified by the owner
can take any form defined by the organization and should be uniformly applied.
List items data classification may contain?
Sensitivity
Jurisdiction
Criticality
Describe Sensitivity in Classification
classification according to the sensitivity of the data, based on the negative impact an unauthorized disclosure would cause.
Describe Jurisdiction in Classification
geophysical location of the source or storage point of the data
Describe Criticality in Classification
Data that is deemed critical to organizational survival might be classified
Data Mapping
Data between organizations (or sometimes even between departments) must be normalized and translated so that it conforms in a way meaningful to both parties.
Where may data labels reside?
Headers and footers of the document
Embedded in the filename
What information may labels include?
Date of creation
Date of scheduled destruction/disposal
Confidentiality level / Markings
Handling directions
Dissemination/distribution instructions
Access limitations
Source
Jurisdiction
Applicable regulation
Descriptive terms
Data Discovery
Data discovery aka electronic discovery (e-discovery)
Used to understand the data we have created or acquired so that we may identify it, label it, and then successfully process it to derive value from it
e-discovery can be used for business analytics or even legal reasons (e.g. subpoena)