Classification should be designed to ensure that data is marked in a way that allows only people with appropriate permission to access it. Classification levels and determinations must be well documented and communicated to all people creating, accessing, moving or deleting the data.
How the classification is determined is down to the creating organisation, however, consideration should be paid to the following:
- Value
- Sensitivity to unauthorised disclosure
- Legal requirements
- Criticality
Classification of data can be done manually (through the application of watermarks, digital stamps, headers/footers, email signatures etc) more suitably, through a tool that the user must interact with. Such tools mark the metadata with the assigned classification. This classification can then be used to apply handling rules based on company policy.
Some of the other benefits of a good classification scheme are:
- More effective risk management
- Help to meet legal eDiscovery requirements
- Help to meet other regulatory requirements
- Optimise the effectiveness of other security controls such as Data Loss Prevention and Encryption
- Improved user security awareness
Data classification most commonly applies to unstructured data and email systems but structured data should not be overlooked. Classification tools should integrate with productivity applications like Microsoft Office. This will enforce marking at the time of creation or modification to a file or email.
Get in touch with our security experts
Our team is available for a quick call or video meeting. Let's connect and discuss your security challenges, dive into vendor comparison reports, or talk about your upcoming IT-projects. We are here to help.
