
What Is Data Classification and How Can It Help Protect Your Data?

Eric Russo | September 26, 2013


With increasingly prominent data breaches worldwide, how can you best protect your organization and its data? Data classification provides the foundation, according to Ericka Chickowski, writing in Dark Reading.

What is data classification? Carnegie Mellon University defines it as:

“The classification of data based on its level of sensitivity and the impact […] should that data be disclosed, altered or destroyed without authorization. The classification of data helps determine what baseline security controls are appropriate for safeguarding that data.”

The University, for example, sorts data into three levels of sensitivity: Restricted Data, which includes any data protected by state or federal privacy regulations or by confidentiality agreements; Private Data, which is data not explicitly classified as Restricted or Public; and Public Data, which is data that, if disclosed, altered, or destroyed, would pose little to no risk to the organization.

Public Data still needs to be protected from tampering or deletion. It could include information such as press releases.

If you are unsure how to classify a data collection, it is prudent to apply the most restrictive classification. Doug Landoll, chief executive officer of Austin-based Assero Security, says:

“In theory you could create a half dozen or more classification levels, but practically speaking most organizations can deal effectively with two levels of security: standard and protected. […] An approach of creating even four or more environments each with a different set of required security controls is an administrative nightmare and does not take advantage of economies of scale.”

Erik Bataller, a senior consultant with information security consultancy Neohapsis, in a series on data classification, contends everyone within the organization needs to be involved in the classification process for it to be effective:

“The business, not IT, owns organizational data, so establish a dialogue with the executives and staff responsible for relevant systems. They need to be the enforcers across their groups.”

In some industries or instances, database administrators may need input from other departments. This may include involvement of the legal, compliance, and human resources departments.

The classification process helps organizations value their information by assigning it an importance, whether it is inside the database or outside it. All data needs to be classified in a manner that accounts for any government or regulatory mandates for its management. Classification is not a one-off project, but one that requires regular oversight, perhaps on a quarterly basis.

Some data classification initiatives can be extensive. A pharmacy, needing to protect information accessible through its website to meet regulatory requirements, dealt with roughly eight billion records across 180 applications and in its allied databases, including the organization’s test and development databases, explained Venkat Lakshminarasimha, global big data integration specialist with Informatica, in a workshop presentation at FutureGov Singapore Forum 2013.

Additional ideas and information about data classification can be found in “Standards for Security Categorization of Federal Information and Information Systems,” published by the National Institute of Standards and Technology.

Source: “Developing Data Classification For Stronger Database Security,” Dark Reading, 04/17/13
Source: “Data Classification Tips And Technologies,” Network Computing, 03/29/12
Source: “Integrating, Governing and Managing Big Data,” FutureGov, 04/25/13
Image: FreeDigitalPhotos.net.
