- Huge volumes of all different types of data make data discovery a daunting task. With such backlogs of information, it can be difficult to figure out where to start classification.
- End users are one of the weakest links in data security. Ensuring their ability to accurately classify and handle sensitive information requires significant awareness and training.
Our Advice
Critical Insight
Data classification is a huge undertaking, and the process is never really finished, as new data is created daily. However, the stress can be managed by following these tips:
- Avoid analysis paralysis
Classifying all your data at once may not be feasible. Start small, quantify your results, report them to management, and then go back and tackle a larger portion. For many, it may be best to focus on classifying new data as it’s created. Once the process is smoothed out, then move on to classifying legacy data. - Remember that data is dynamic
Data, by its nature, does not stay static. A piece of data’s criticality will peak, but strategic reassessment will eliminate under/overprotection of data. Data classification must be a program, not a project. - Classify what matters
Focus the program on data whose classification is measurable, auditable, and manageable.
Impact and Result
This blueprint will help you to understand where your data lives and who has access to it so that you can develop an appropriate data classification system by conducting interviews with data owners and by incorporating vendor solutions to make the process more manageable and end-user friendly.
- Formalize the data classification initiative with the proper policies and handling standards, as well as a structured steering committee to ensure accountability and consistency.
- Understand where your data lives and what controls are implemented to protect it. Make sure the protection is proportional to the sensitivity and criticality of the assets.
- Understand what tools are available to implement an efficient data classification program – whether provided by a third party or done in-house. Know how and when to revisit classifications to keep them up to date.
Member Testimonials
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.
9.2/10
Overall Impact
$20,287
Average $ Saved
33
Average Days Saved
Client
Experience
Impact
$ Saved
Days Saved
Central Bank of Barbados
Guided Implementation
10/10
N/A
N/A
Noble Research Institute, LLC
Guided Implementation
8/10
$2,519
5
Goodwill Industries of South Florida
Guided Implementation
10/10
N/A
10
Central Bank of Barbados
Workshop
9/10
$47,500
50
Lawyers’ Professional Indemnity Company
Workshop
9/10
$16,000
90
Sterilite Corporation
Workshop
9/10
$31,499
50
Interdigital Communications
Guided Implementation
9/10
$27,719
10
City Of Issaquah
Guided Implementation
10/10
$29,609
120
Forrester Construction
Guided Implementation
10/10
$5,039
3
American Transmission Company
Guided Implementation
10/10
N/A
N/A
Deltec Bank & Trust Limited
Workshop
9/10
$69,299
120
Kleinfelder Group
Workshop
10/10
$30,999
10
American National Insurance Company Inc
Guided Implementation
9/10
N/A
N/A
Children's Hospital Colorado
Guided Implementation
10/10
N/A
20
Pact Group PTY Ltd
Guided Implementation
9/10
$19,064
5
Blackbaud
Guided Implementation
9/10
$2,479
20
Performance Trust Capital Partners
Guided Implementation
9/10
$6,199
3
Maxion Wheels
Guided Implementation
10/10
N/A
N/A
HEART Trust/NTA
Workshop
10/10
$30,999
60
Rushmore Loan Management Services LLC
Guided Implementation
10/10
$12,399
110
Hope Global
Guided Implementation
10/10
$13,873
10
Hope Global
Guided Implementation
10/10
$31,405
5
Fleet Feet Sports
Guided Implementation
10/10
N/A
N/A
Dataprise Inc.
Guided Implementation
9/10
$31,405
10
General Dynamics Mission Systems, Inc
Guided Implementation
9/10
N/A
N/A
Energy+ Inc.
Guided Implementation
7/10
$50,000
20
Massimo Zanetti Beverage USA
Guided Implementation
7/10
$12,733
5
Office of Information Services for Oregon Health Authority (OHA) & Department of Human Services (DHS)
Guided Implementation
9/10
$63,667
23
Platte River Power Authority
Workshop
10/10
$2,479
105
American Systems Corporation
Workshop
3/10
N/A
N/A
Workshop: Discover and Classify Your Data
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Module 1: Formalize the Classification Program
The Purpose
- A simple data classification scheme with formal documentation
Key Benefits Achieved
- Increased insight into appropriate data
handling, storage, and transmission
Activities
Outputs
Understand the benefits of data classification
Discuss legal, contractual, and regulatory obligations
Develop a Data Classification Steering Committee
- Data Classification Steering Committee Charter
Determine the data classification scheme
Develop the Data Classification Policy
- Data Classification Policy
Develop the Data Classification Standard
- Data Classification Standard
Define the Data Classification RACI
- Data Classification RACI
Module 2: Discover the Data
The Purpose
- A plan to perform in-depth data discovery and a prioritization of classification
Key Benefits Achieved
- Increased understanding of the importance of data discovery
and classification
- Managing the challenges associated with each
Activities
Outputs
Discuss the benefits and challenges of data discovery
Discuss the technology options for discovery and classification
Discuss the human-based approach to data discovery
Determine the appropriate discovery interview questions
- Data Discovery Interview Tracking Tool
Conduct data discovery interviews (approximately two interviews)
- Approximately two completed interviews
Module 3: Classify the Data
The Purpose
- An organized
classification inventory and insight into the location and level of protection
needed for your data
Key Benefits Achieved
- A system to classify data and track its lifecycle
Activities
Outputs
Continue conducting interviews (approximately two interviews) and aggregate preliminary results
- Approximately two completed interviews
Classify the preliminary findings uncovered from interviews
Understand the results of the inventory tool
- Data Classification Inventory Tool
Discuss next steps for optimizing the process
Module 4: Plan to Implement the Program
The Purpose
- Assist with getting the program started for the organization
Key Benefits Achieved
- Establishment of a data classification initiative
Activities
Outputs
Identify data metrics to track and report
- Data Classification Metrics Tool
Develop awareness and training material
- Data Classification Awareness and Training Material
Discuss next steps for continuing the data classification initiative
Debrief