Define and Develop a Data Classification Program

Simplify data classification for broader visibility into your security program.

Onsite Workshop


Please note that the content on this page is retired. This content is not maintained and may contain information or links that are out of date.

Without an established and maintained data classification program:

  • The organization wants to move data to the cloud, however, it’s unknown what data should go and what data should stay within the organization.
  • Information requests take countless hours to process; a classification program that reduces the time it takes to get the information needed is a necessity.
  • Attackers are now going after data over devices. Data is flowing all over the organization and there is no control over where it goes, who can access it, and how to protect it.

A proper data classification program is worth the initial effort, leading to the following results:

  • Improves overall security posture and minimizes the organization’s profile against attackers by understanding the sensitivity of data.
  • Enables the business by knowing where and how sensitive data is to adopt new models like cloud and mobile through classification.
  • Creates a security-centric culture by training your end users on data classification and handling.
  • Ensures only the right people gain access to your data by controlling access to classification tiers.

Module 1: Define the Requirements

The Purpose

  • Define and formalize the data classification program to fit your organization’s needs.

Key Benefits Achieved

  • A right-sized classification program with formal documentation laying the foundation

Activities: Outputs:
1.1 Assemble the Data Classification Steering Committee
  • Established Data Classification Steering Committee Members
1.2 Define the Data Classification Steering Committee Charter
  • Formalized Data Classification Steering Committee Charter
1.3 Determine the classification scheme
  • Defined data classification scheme
1.4 Develop the Data Classification Policy
  • Formalized Data Classification Policy
1.5 Develop the Data Classification Standard
  • Formalized Data Classification Standard

Module 2: Discover the Data

The Purpose

  • To effectively mitigate risk and classify data, you must know where your data resides.




Key Benefits Achieved

  • Initial insight into where your data resides

Activities: Outputs:
2.1 Develop questionnaire to conduct data discovery with key data owners
  • Questionnaire to conduct discovery interviews
2.2 Interview key departments / data owners
  • Preliminary data discovery interview results
2.3 Identify where to prioritize classification
  • Prioritization of assets to classify
2.4 Re-evaluate policy and standard
  • Finalized policy and standard documents

Module 3: Implement Data Classification

The Purpose

  • Classify the data to inform strategic security decisions.

Key Benefits Achieved

  • Development of supporting evidence regarding current state of data protection based on classification to drive future security initiatives

Activities: Outputs:
3.1 Classify data in the inventory tool
  • Data classification inventory starting point
3.2 Analyze results of the preliminary classification
  • Security and location analysis charts to share with management
3.3 Begin developing a data classification training and awareness program
  • Plans for training and awareness
3.4 Determine metrics to measure the effectiveness of the program
  • List of metrics

Workshop icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

View Active Workshops
GET HELP Contact Us
VL Methodology