iso27diy-corp/Corpus/Sparks/Classification.md


Definition: "A data classification identifies the value of the data to the organization. Classification labels, the method by which they are assigned, and the required protection associated with the different labels, are identified in a policy." Source: CISSP_OSG_Chapter_5

Classification criteria should be risk-based, for instance based on the potential damage to the organization, the privacy of individuals, national security, economic interests, or other critical concerns.

See also:

- Datatags System
- Def_Sec_Handbook_Chapter_2
- ISO 27002:2022 NL A5.12
- Designing an information management scheme
- Data classification examples from SANS forum
- Key Topics for a Classified Information Security Policy
- Traffic Light Protocol (TLP)