
Classification guide for data

Does anyone maintain a classification guide for their applications/databases? I have been looking into some best practice for security management/compliance, and it states that for all apps/databases which store sensitive data you should have a "classification guide", which should define the need-to-know rules and the classification level for the data with the application/database, and the relationship between those rules and the app's role definitions.

I can't find anyone who actually has a classification guide for their databases - or what one actually looks like, for some guidance on how and what they actually look like.
pma111
lcohan (Database Analyst) Commented:
In my opinion, that's more like a custom company document rather than some template, and it is very much related to the level of security your company needs to comply with - take for instance the PCI compliance data security standards:

https://www.pcisecuritystandards.org/security_standards/
http://www.titus.com/GAW/GAW_CLS_DS_Top_Reasons_For_Data_Classification.php?gclid=CLLV2pXcscECFQoEaQodpocAyw
http://www.cmu.edu/iso/governance/guidelines/data-classification.html
http://www.oit.gatech.edu/sites/default/files/DSC_handbook.pdf
 
Wasim Akram Shaik Commented:
>>does anyone maintain a classification guide for their applications/databases?
Yes. Everyone does.

>>I have been looking into some best practice for security management/compliance, and it states for all apps/databases which store sensitive data you should have a "classification guide"

I agree with the expert comment above; it should be a custom policy.

Every company has its own custom requirements when it comes to classification.

On a broad level, if you are going after classification, it fairly depends on how your company does business.

Identify the Financial/Non-Financial Stream applications which have a direct/indirect impact on your customers and company operations.

By doing this segregation, you can get a fair idea of how each application/database has to be classified.
 
pma111 (Author) Commented:
Can anyone then provide a sample classification guide for a database with various types and sensitivity of data, so I can see what exactly is involved? If "everyone does", it should be quite easy to locate a template, but I couldn't find one when looking into this, making me think perhaps "not everyone does".
 
lcohan (Database Analyst) Commented:
That was exactly my point, and as per your searches as well, maybe it is indeed true that "not everyone does" it. However, please don't take just my word on it, and wait maybe for other opinions. Mine is that you will have to start reading and do it on your own, depending on your business security requirements.