Data Classification - sookeke/DataMasker.Net5 GitHub Wiki
Overview
Data classification helps us to categorize data in a way that conveys the sensitivity of information, such as data that must be safeguarded for confidentiality, integrity, and availability. Data classification is the process of sorting and categorizing data into various types, forms or any other distinct class. Data classification enables the separation and classification of data according to data set requirements for various business or personal objectives. It is mainly a data management process.
DATA CLASSIFICATION POLICY
A data classification policy is primarily concerned with the management of information to ensure that sensitive information is handled well with respect to the threat it poses to an organization. It also factors in how this gathered data is being used and structured within an organization to allow authorized personnel to get the right pieces of information at the right time, while aiding in ensuring that only those who are authorized can view or access information. The database of any organization contains data which differs in its level of sensitivity, i.e., some data are more sensitive than others. Data classification, security policy, and risk analysis are related functions that organizations use in conjunction to enhance security:
- A data classification policy is the personification of an organization's tolerance for risk.
- A security policy is a high-level plan stating management's intent for how security is to be practiced in an organization, what actions are acceptable, and the magnitude of risk the organization is prepared to accept. For instance, a data security policy could call for a risk assessment or for the organization's data to be classified.
- Risk analysis balances an organization's assets against threats of loss and is the catalyst for implementing safeguards or countermeasures that mitigate risk.
Therefore, data classification policies and risk analysis are separate concepts that fall under the security policy umbrella.
Common Terms
- Sensitive Data
- PII
- Compliance
- Governance
- Business Sensitive
Data classification is required to categorize the data in the database to be masked in a way that conveys the sensitivity of the information. This classification and analysis will be performed by the business analyst, the Data Owner (Business SMEs) and the MISO (Ministry Information Security Officer).
Data Classification Exercise
This classification and analysis will be performed by the business analyst, the Data Owner (Business SMEs) and the MISO (Ministry Information Security Officer) using a generated spreadsheet of the database information schema. The Data Classification (DC) app for Information Schema console is located here. This will generate a data classification spreadsheet as in the link.