richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

removed emojis, merged 2 folders, removed duplication

Browse source
This commit is contained in:
Richard Kranendonk 2026-05-11 16:47:35 +02:00
parent 9b7b3a3a85
commit 24403ce731
92 changed files with 106 additions and 1432 deletions
Download patch file Download diff file Expand all files Collapse all files

19
Corpus/Sparks/Labeling of information in the digital domain.md
View file

@ -12,6 +12,25 @@ Labeling of digital information assets close to the source e.g. assign
Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as labeling. A data dictionary that contains classification information could also be considered to use labeling.
Related:
- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)
- [[Enforcement tooling]]
[ISO 27001 A 8.2.2 Labelling of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.2%20Labelling%20of%20information.md) makes procedures for information labelling in accordance with the classification scheme mandatory.
For physical assets its straightforward: a restricted area sign on the door to the server room, a classified mark on a folder, a privacy sensitive sticker on a backup tape, etc.
But how would you implement labeling in the digital domain of databases, file systems, SaaS environments, etc.?
Brahman Thiyagalingham suggested in [this LinkedIn thread](https://www.linkedin.com/feed/update/urn:li:activity:6878704465160007680/?commentUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6878973141931094016)&replyUrn=urn%3Ali%3Acomment%3A(groupPost%3A67493-6878704464929316864%2C6879367802243866624)) that, to ensure the proper handling of (digital) information assets, you would rely on "something like a proper RBAC model, Identity Access solution with a PAM, DRM and DLP". Implying the concept of labeling has been replaced by applying these tools.
It could be said that these tools apply labeling implicitely, because effective implementation of these solutions requires that the solution knows what forms of protection each information asset needs.
That means classifying information assets (control 8.2.1) and determining acceptable use (control 8.1.3).
Labeling of digital information assets close to the source e.g. assign a classification-label to a database column will help create a consistent approach across individual solutions.
Looking at it that way, any metadata that helps ensure the acceptable use and proper handling of information assets could be identified as labeling. A data dictionary that contains classification information could also be considered to use labeling.
Related:
- [ISO 27001 A 8.2.1 Classification of information](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.2.1%20Classification%20of%20information.md)
- [ISO 27001 A 8.1.3 Acceptable use of assets](../Standards/ISO27x/legacy/ISO%2027001%202013/ISO%2027001%20A%208.1.3%20Acceptable%20use%20of%20assets.md)