Information Classification
Information classification is the art to assign a value to information with the goal to allocate funds and resources to protect this information.
There are four commonly used classifications:
- Confidential
- Private
- Sensitive
- Public
Each classification has its own procedures to protect the information, some of the common ones are listed below.
Classification Controls
- Access control
- Auditing and monitoring
- Backup and restore procedures
- Change control
- Data encryption
- Separation of duties