Wednesday, July 27, 2011

Data classification and clearance

Data classification is really important in industry. There is a lot of news about security leaks caused by poor data classification. In the military, data classification and clearance have even higher importance. The military classifies data as unclassified, confidential, secret and top secret. Why don't we call all data top secret and consider it done? If we did, we would waste money on unnecessary security measures and a lot of manpower managing them. So it is really important to design a data classification model appropriate to our industry. It is also important to define security clearance. We have to define who the data owners are, what their responsibilities are, and how data is classified in the organization. To start, we should build a security policy that outlines everything we decided upon. Then we have our procedures, guidelines and standards to define it further.

Too many classification levels are impractical and add confusion. Too few classification levels give the perception of little value and use. There should be no overlap between classification levels. It is very common for companies to have three classification levels. We should also follow a standardized approach for our information classification criteria.

The weakest link in security is people. That's why employee management is really important when you look at enterprise security. 80% of threats are internal and 20% are external (the 80/20 rule). People make mistakes. Policies should be enforced for recruiting people, firing people and security training.

Hiring and Firing procedures:

Pre-employment:
  • Background check
  • Security clearance
  • Credit check
  • Drug screening

Termination procedures:
  • Complete an exit interview (review non-disclosure agreement)
  • Individual must surrender ID, keys and company assets
  • User's accounts must be disabled
