Why do we need to classify data?

1. Compliance: Middlebury is making a significant effort to comply with state and federal regulations as well as a number of standards such as PCI. Many of these require some level of data classification and protection.
2. Security: It is much more difficult to secure data when you do not know what you have where. As an effort to secure the assets of Middlebury College, the data classification will go a long way to simplify this effort.
3. Organization and identification of data: Through the organization of data it will be easier to know what we have and where it is located. This will help with data retention efforts, storage efforts, budget and simply finding information.
4. Knowing what types of data we have helps to know how they are protected. For example, credit card information is not allowed to be stored for any reason. Knowing if we have any of this information will help us to remove the data for compliance. In contrast, knowing where Social Security Numbers may be located will help us to streamline business practices, secure this critical data against identity theft, and help the College comply with many different regulations and standards.

Data is truly not created equal. We're all concerned about data theft, be it credit card information, healthcare (PHI) information, private and confidential employee data, or trade secrets.

In recent cases, we have heard a lot about corporate espionage and hacking threats from competing nation states. Well, how do we go about protecting our information assets from data thieves? In most cases, a combination of Data Classification, Data Leakage Prevention and Encryption will get you there. Data classification is a prerequisite to a successful Data Leakage Prevention (DLP) implementation. Before we can protect our data from leaking, we need to classify information into some iteration of the below four categories:

1) Public Use
2) Internal Use
3) Confidential
4) Top Secret

We usually scan the environment (data discovery) for key words, phrases, and content that the business unit deems confidential and at risk.

This information is then initially identified and consolidated. It's a lot easier to safeguard assets in 1-5 locations than if they were spread out all across the network. Once the data is consolidated, appropriate protection and data security measures (data-at-rest encryption, for example) can be applied to the data or the devices it resides on. From that point on, all the information assets can be tagged appropriately (Example: Public Use, Internal Use Only, Confidential and Top Secret).
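The discovery-and-tagging step described above, sketched as an added example (not code from the original page). The rule set, the mapping of findings to labels, the default label and the sample documents are all assumptions made for illustration.

```python
import re

# The article's four labels, lowest to highest sensitivity.
LEVELS = ["Public Use", "Internal Use", "Confidential", "Top Secret"]

# Assumed discovery rules: rule name -> (pattern, level index). Which finding
# maps to which label is a business-unit decision the article does not fix.
RULES = {
    "ssn": (re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"), 2),
    "card_number": (re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), 2),
    "keyword:confidential": (re.compile(r"\bconfidential\b", re.I), 2),
    "keyword:trade secret": (re.compile(r"\btrade secrets?\b", re.I), 3),
}

def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def classify(text):
    """Return (label, sorted rule names that matched) for one document."""
    level, hits = 1, set()  # assumption: unmarked content defaults to Internal Use
    for name, (pattern, rule_level) in RULES.items():
        for m in pattern.finditer(text):
            if name == "card_number" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # long digit run that fails the checksum: not a card
            hits.add(name)
            level = max(level, rule_level)
    return LEVELS[level], sorted(hits)

def inventory(docs):
    """Map each location to its label and findings: what we have, and where."""
    return {path: classify(text) for path, text in docs.items()}

# Constructed sample documents (paths and contents are made up for this example).
SAMPLE = {
    "hr/payroll.csv": "Jane Doe,123-45-6789,salary",
    "web/orders.log": "paid with 4111 1111 1111 1111 on 2020-01-02",
    "eng/roadmap.txt": "Trade secret: new process. Build 1234567890123456.",
    "pr/newsletter.txt": "Join us for the spring open house.",
}

if __name__ == "__main__":
    for path, (label, hits) in inventory(SAMPLE).items():
        print(f"{path}: {label} {hits}")
```

The resulting inventory is what drives consolidation: locations with `ssn` findings are candidates for encryption at rest, while a `card_number` finding marks data to be removed rather than protected where storing it is not allowed.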

The organization can then set policies for data in use and data in motion. After Data Classification is complete, a Data Leakage Prevention (DLP) solution can then follow the policies we set to protect data from leaving the organization or getting into the wrong hands internally as well. In conclusion, for an effective data security strategy, we really have to lay the foundation through a data classification exercise, and then follow it up with data security measures like DLP and Encryption.
