classifacation guide for data

does anyone maintain a classification guide for their applications/databases? I have been looking into some best practice for security management/compliance, and it states for all apps/databases which store sensitive data you should have a "classification guide" which should

define the need to know rules and the classification level for the data with the application/database, and the relationship between those rules and the apps role definitions.

I cant find anyone who actually has a classification guide for their databases - or what one actually looks like for some guidance on how and what they actually look like.
LVL 3
pma111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

lcohanDatabase AnalystCommented:
In my opinion that's more like a custom company document rather than some template and is very much related to the level of Security your company needs to comply to - take for instance PCI compliance data security standards:

https://www.pcisecuritystandards.org/security_standards/
http://www.titus.com/GAW/GAW_CLS_DS_Top_Reasons_For_Data_Classification.php?gclid=CLLV2pXcscECFQoEaQodpocAyw
http://www.cmu.edu/iso/governance/guidelines/data-classification.html
http://www.oit.gatech.edu/sites/default/files/DSC_handbook.pdf
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Wasim Akram ShaikCommented:
>>does anyone maintain a classification guide for their applications/databases?
Yes. Every one does.

>>I have been looking into some best practice for security management/compliance, and it states for all apps/databases which store sensitive data you should have a "classification guide"

I agree with the expert comment above, it should be a custom policy.

Every Company has its own custom requirements when it comes to classification.

On a broad level if you are going after classification it fairly depends on the way how your company does the business.

Identify the Financial/Non-Financial Stream applications which has direct/indirect impact on your customers, company operations.

By doing this segregation you can get a fair idea of how an each application/database has to classified into.
0
pma111Author Commented:
can anyone provide then a sample classifacation guide for a database with various types and sensitivity of data, so I can see what exactly is involved. If "everyone does" it should be quite easy to locate a template, but I couldnt find one when looking into this, making me think perhaps "not everyone does".
0
lcohanDatabase AnalystCommented:
That was exactly my point and as per your searches as well maybe is indeed true that "not everyone does" it however...please don't take just my word on it and wait maybe for other opinions. Mine is that you will have to start reading and do it on your own depending on your business Security requirements.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Databases

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.