data policies

Question 1

How to classify data?

Answer 1

Ensuring information/assests are marked in such a way that those with an appropriate level of clearance can have access to them. the owner of the data should classify the data

Who should decide on data classification? The individual who owns the data, and it should be reviewd at a minimum annually

Question 2

What is governance?

Answer 2

The system by which an organization directs and controls IT security. It should not be confused with IT security managment. IT security management is concerned with making decisions to mitigate risks, governance determines who is authorized to make decisions

Question 3

What is data rentention?

Answer 3

An organizations rentention policy controls how it saves data for compliance or regulatory reasons, as well as how it disposes of data once it is no longer required. A data renterntion policy should clarify how records and data should be formatted, how long they must be kept, and what storage system or devices are used to retain them.