Solved

classifacation guide for data

Posted on 2014-10-16
4
251 Views
Last Modified: 2014-10-28
does anyone maintain a classification guide for their applications/databases? I have been looking into some best practice for security management/compliance, and it states for all apps/databases which store sensitive data you should have a "classification guide" which should

define the need to know rules and the classification level for the data with the application/database, and the relationship between those rules and the apps role definitions.

I cant find anyone who actually has a classification guide for their databases - or what one actually looks like for some guidance on how and what they actually look like.
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 40

Accepted Solution

by:
lcohan earned 250 total points
ID: 40385039
In my opinion that's more like a custom company document rather than some template and is very much related to the level of Security your company needs to comply to - take for instance PCI compliance data security standards:

https://www.pcisecuritystandards.org/security_standards/
http://www.titus.com/GAW/GAW_CLS_DS_Top_Reasons_For_Data_Classification.php?gclid=CLLV2pXcscECFQoEaQodpocAyw
http://www.cmu.edu/iso/governance/guidelines/data-classification.html
http://www.oit.gatech.edu/sites/default/files/DSC_handbook.pdf
0
 
LVL 16

Assisted Solution

by:Wasim Akram Shaik
Wasim Akram Shaik earned 250 total points
ID: 40385977
>>does anyone maintain a classification guide for their applications/databases?
Yes. Every one does.

>>I have been looking into some best practice for security management/compliance, and it states for all apps/databases which store sensitive data you should have a "classification guide"

I agree with the expert comment above, it should be a custom policy.

Every Company has its own custom requirements when it comes to classification.

On a broad level if you are going after classification it fairly depends on the way how your company does the business.

Identify the Financial/Non-Financial Stream applications which has direct/indirect impact on your customers, company operations.

By doing this segregation you can get a fair idea of how an each application/database has to classified into.
0
 
LVL 3

Author Comment

by:pma111
ID: 40386307
can anyone provide then a sample classifacation guide for a database with various types and sensitivity of data, so I can see what exactly is involved. If "everyone does" it should be quite easy to locate a template, but I couldnt find one when looking into this, making me think perhaps "not everyone does".
0
 
LVL 40

Expert Comment

by:lcohan
ID: 40386976
That was exactly my point and as per your searches as well maybe is indeed true that "not everyone does" it however...please don't take just my word on it and wait maybe for other opinions. Mine is that you will have to start reading and do it on your own depending on your business Security requirements.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
error doing substr 3 38
Pasword self service reset in Azure 6 53
Access control a form field in Lotus Notes 3 29
HIPAA Security Audit - How much do I charge? 5 19
Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question