Security icon

Discover and Classify Your Data

Provide your data with the protection it deserves.

Get Instant Access
to this Blueprint

View Storyboard

Solution Set Storyboard Thumbnail

Contributors

  • Charles Tatosi Chavapi – Information Security Manager, Debswana Mining Industry
  • Ken Dewitt – IT Director, Navajo County
  • Jim Finlayson – IT Director, City of Grand Junction
  • Lian Guan – Enterprise Information Management Advisor, Ontario Lottery and Gaming Corporation
  • Diane Kelly – Information Security Manager, Colorado Judicial ITS
  • Leon Letto – Senior Technical Sales Engineer, AirWatch
  • Jim McGann – VP, Marketing and Business Development, Index Engines, Inc.
  • William Mendez – Information System Security Officer, City of Miami
  • Ian Parker – Head of Corporate System Information Security, Risk, and Compliance, Fujitsu Services
  • Claudiu Popa – President & CEO, Informatica Corporation
  • Doug Waram – Director of IT, County of Wellington
  • Chris Whiting – Solutions Architect, APA Group
  • Three anonymous contributors
  • Huge volumes of all different types of data make data discovery a daunting task. With such backlogs of information, it can be difficult to figure out where to start classification.
  • End users are one of the weakest links in data security. Ensuring their ability to accurately classify and handle sensitive information requires significant awareness and training.

Our Advice

Critical Insight

Data classification is a huge undertaking, and the process is never really finished, as new data is created daily. However, the stress can be managed by following these tips:

  • Avoid analysis paralysis
    Classifying all your data at once may not be feasible. Start small, quantify your results, report them to management, and then go back and tackle a larger portion. For many, it may be best to focus on classifying new data as it’s created. Once the process is smoothed out, then move on to classifying legacy data.
  • Remember that data is dynamic
    Data, by its nature, does not stay static. A piece of data’s criticality will peak, but strategic reassessment will eliminate under/overprotection of data. Data classification must be a program, not a project.
  • Classify what matters
    Focus the program on data whose classification is measurable, auditable, and manageable.

Impact and Result

This blueprint will help you to understand where your data lives and who has access to it so that you can develop an appropriate data classification system by conducting interviews with data owners and by incorporating vendor solutions to make the process more manageable and end-user friendly.

  • Formalize the data classification initiative with the proper policies and handling standards, as well as a structured steering committee to ensure accountability and consistency.
  • Understand where your data lives and what controls are implemented to protect it. Make sure the protection is proportional to the sensitivity and criticality of the assets.
  • Understand what tools are available to implement an efficient data classification program – whether provided by a third party or done in-house. Know how and when to revisit classifications to keep them up to date.
Unlock This Blueprint

Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should classify your data, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

1. Formalize the classification program

Begin by understanding the importance of data classification and how to develop a classification program.

2. Discover the data

Understand the importance of data discovery and how to incorporate human- and technology-based tools to simplify the discovery process.

3. Classify the data

Implement the classification program in order to make sure it has the appropriate level of protection.

Guided Implementations

This guided implementation is a six call advisory process.

Guided Implementation #1 - Formalize the classification program

Call #1 - Establish the data classification steering committee.
Call #2 - Formalize data classification documentation.

Guided Implementation #2 - Discover the data

Call #1 - Plan for data discovery.
Call #2 - Implement data discovery.

Guided Implementation #3 - Classify the data

Call #1 - Classify the data.
Call #2 - Maintain and optimize the program.

Onsite Workshop

Unlock This Blueprint

Book Your Workshop

Onsite workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost onsite delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

Module 1: Formalize the Classification Program

The Purpose

  • A simple data classification scheme with formal documentation

Key Benefits Achieved

  • Increased insight into appropriate data handling, storage, and transmission

Activities

Outputs

1.1

Understand the benefits of data classification

1.2

Discuss legal, contractual, and regulatory obligations

1.3

Develop a Data Classification Steering Committee

  • Data Classification Steering Committee Charter
1.4

Determine the data classification scheme

1.5

Develop the Data Classification Policy

  • Data Classification Policy
1.6

Develop the Data Classification Standard

  • Data Classification Standard
1.7

Define the Data Classification RACI

  • Data Classification RACI

Module 2: Discover the Data

The Purpose

  • A plan to perform in-depth data discovery and a prioritization of classification

Key Benefits Achieved

  • Increased understanding of the importance of data discovery and classification
  • Managing the challenges associated with each


Activities

Outputs

2.1

Discuss the benefits and challenges of data discovery

2.2

Discuss the technology options for discovery and classification

2.3

Discuss the human-based approach to data discovery

2.4

Determine the appropriate discovery interview questions

  • Data Discovery Interview Tracking Tool
2.5

Conduct data discovery interviews (approximately two interviews)

  • Approximately two completed interviews

Module 3: Classify the Data

The Purpose

  • An organized classification inventory and insight into the location and level of protection needed for your data

Key Benefits Achieved

  • A system to classify data and track its lifecycle

Activities

Outputs

3.1

Continue conducting interviews (approximately two interviews) and aggregate preliminary results

  • Approximately two completed interviews
3.2

Classify the preliminary findings uncovered from interviews

3.3

Understand the results of the inventory tool

  • Data Classification Inventory Tool
3.4

Discuss next steps for optimizing the process

Module 4: Plan to Implement the Program

The Purpose

  • Assist with getting the program started for the organization

Key Benefits Achieved

  • Establishment of a data classification initiative

Activities

Outputs

4.1

Identify data metrics to track and report

  • Data Classification Metrics Tool
4.2

Develop awareness and training material

  • Data Classification Awareness and Training Material
4.3

Discuss next steps for continuing the data classification initiative

4.4

Debrief

Unlock This Blueprint

Member Testimonials

Unlock Sample Research

After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.

Client

Experience

Impact

$ Saved

Days Saved

Deltec Bank & Trust Limited

Workshop

9/10

$69,091

120

Kleinfelder Group

Workshop

10/10

$31,940

10

American National Insurance Company Inc

Guided Implementation

9/10

N/A

N/A

Children's Hospital Colorado

Guided Implementation

10/10

N/A

20

Pact Group PTY Ltd

Guided Implementation

9/10

$20,022

5

Blackbaud

Guided Implementation

9/10

$2,512

20

Performance Trust Capital Partners

Guided Implementation

9/10

$6,281

3

Maxion Wheels

Guided Implementation

10/10

N/A

N/A

HEART Trust/NTA

Workshop

10/10

$31,833

60

Roosevelt Management Company

Guided Implementation

10/10

$12,742

110

Hope Global

Guided Implementation

10/10

$14,653

10

Hope Global

Guided Implementation

10/10

$31,405

5

Fleet Feet Sports

Guided Implementation

10/10

N/A

N/A

Dataprise Inc.

Guided Implementation

9/10

$31,405

10

General Dynamics Mission Systems, Inc

Guided Implementation

9/10

N/A

N/A

Energy+ Inc.

Guided Implementation

7/10

$50,000

20

Massimo Zanetti Beverage USA

Guided Implementation

7/10

$12,733

5

Office of Information Services for Oregon Health Authority (OHA) & Department of Human Services (DHS)

Guided Implementation

9/10

$63,667

23

Platte River Power Authority

Workshop

10/10

$2,546

105

American Systems Corporation

Workshop

3/10

N/A

N/A

City Of Durango

Workshop

10/10

N/A

N/A

TEXAS ASSOCIATION OF SCHOOL BOARDS, INC.

Guided Implementation

8/10

N/A

N/A

Ohio Lottery Commission

Guided Implementation

6/10

N/A

N/A

City of Alexandria, VA

Guided Implementation

10/10

N/A

10

Briggs & Stratton, LLC

Guided Implementation

10/10

N/A

110

Texas General Land Office and Veterans Land Board

Guided Implementation

10/10

$5,093

32

Platte River Power Authority

Guided Implementation

1/10

N/A

85

The Whiting-Turner Contracting Co.

Guided Implementation

10/10

$31,833

20

Dark Fibre Africa

Guided Implementation

10/10

N/A

5

Enerflex Ltd.

Guided Implementation

9/10

$9,000

5

More

Data Privacy Map

Visit our COVID-19 Resource Center and our Cost Management Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019