- Charles Tatosi Chavapi – Information Security Manager, Debswana Mining Industry
- Ken Dewitt – IT Director, Navajo County
- Jim Finlayson – IT Director, City of Grand Junction
- Lian Guan – Enterprise Information Management Advisor, Ontario Lottery and Gaming Corporation
- Diane Kelly – Information Security Manager, Colorado Judicial ITS
- Leon Letto – Senior Technical Sales Engineer, AirWatch
- Jim McGann – VP, Marketing and Business Development, Index Engines, Inc.
- William Mendez – Information System Security Officer, City of Miami
- Ian Parker – Head of Corporate System Information Security, Risk, and Compliance, Fujitsu Services
- Claudiu Popa – President & CEO, Informatica Corporation
- Doug Waram – Director of IT, County of Wellington
- Chris Whiting – Solutions Architect, APA Group
- 3 anonymous contributors
- Huge volumes of data, of many different types, make data discovery a daunting task. With such backlogs of information, it can be difficult to figure out where to start classification.
- Ad hoc classification systems may lack consistency and accountability. Which formal classification system is right for you?
- End users are one of the weakest links in data security. Relying on end users to accurately classify and handle sensitive information requires significant awareness and training.
- Avoid analysis paralysis. Classifying all your data at once may not be feasible. Start small, quantify your results, report them to management, and then go back and tackle a larger portion.
- Data is dynamic. By its nature, data does not stay static. A piece of data’s criticality will peak, but strategic reassessment will eliminate over- or under-protection of data. Data classification must be a program, not a project.
- Classify what matters. Focus the program on data whose classification is measurable, auditable, and manageable.
Impact and Result
- Formalize the data classification initiative with the proper policies and handling standards, as well as a structured steering committee to ensure accountability and consistency.
- Understand where your data lives and what controls are implemented to protect the data. Make sure the protection is proportional to the sensitivity and criticality of the assets.
- Understand what tools are available to implement an efficient data classification program – whether provided by a third party or built in-house. Know how and when to revisit classifications to keep them up to date.
This guided implementation is a six-call advisory process.
Guided Implementation #1 - Define the requirements
Call #1 - Formalize the Data Classification Steering Committee
Formalize data classification documentation
Guided Implementation #2 - Discover the data
Call #1 - Plan for data discovery
Call #2 - Ease the task of classification
Guided Implementation #3 - Implement data classification