Classifying and Securing Information

Copyright: © 2019 | Pages: 14
DOI: 10.4018/978-1-5225-8410-0.ch009

Abstract

This chapter focuses on the classification and security stage in the information lifecycle. The chapter identifies the key questions to answer in formulating an information strategy. Concepts associated with these issues and the consequences of ignoring them are explained. The issues are also interpreted in different internal operating environments and in the context of future business environments.
Chapter Preview

Key Questions

Chapter 9 provides a deep dive into the key questions and decision points in the secure and classify stage of the life cycle. We offer 24 more specific questions intended to guide your thinking about how to secure and classify information assets and to prevent liabilities. The questions also form the basis of an audit of information assets. An audit should ask and answer all of the questions listed in this chapter. From these answers you should be able to judge the strength or weakness of assets in this stage of their life cycles.

These questions are organized into five easy-to-remember categories to help you work through them as you develop your strategy. We do not offer answers to these questions because only you can determine which answers best suit your environment. There is no single right or wrong answer. Short explanations are provided for key concepts as background and context. These explanations also serve as a working reference source for both business and information professionals.

The What Questions

Your strategy should explain….

  • The organization’s essential definition of harm?

  • The circumstances under which information may result in liabilities?

  • The harm that may result from the mismanagement of information assets?

  • The levels of harm that may result?

  • The representation of levels of harm as security classes?

  • The overall coverage of harm by the security classification scheme?

  • The impact that security and classification may have on access and use of information assets?

The When Questions

Your strategy should explain when ….

  • Security classes are assigned to information assets – when the asset is created, when it is designated as official, or another event that would trigger its classification?

The Where Questions

Your strategy should explain where….

  • Where security is applied – to the whole document? To parts of the document? To whole projects or folders? To entire applications or repositories?
