Data classification is an important part of ISO 27001 and enterprise security governance. Data classification assigns labels and categories to given data types. These are used to set secrecy, sensitivity, and confidentiality levels. If we give all data a high security level or classification, this creates high cost, operational complexity and expense. So we should classify and categorize data appropriately according to the organization's needs, situation, etc.
Benefits Of Data Classification
In this part we list the benefits of data classification and categorization.
- Demonstrates organizational commitment
- Assists in identifying assets
- Helps create protection mechanisms
- Used for compliance, legal issues and standards
- Helps define access levels
- Helps life-cycle management such as retention, usage, and destruction of data
How To Classify and Categorize Data
Data can be classified and categorized by different aspects. Here is a list of them.
- Usefulness of the data
- Timeliness of the data
- Value or cost of the data
- Maturity or age of the data
- Lifetime of the data
- Association with personnel
- Data disclosure effect
- Data modification effect
- Authorized access to the data
- Storage of data
- Maintenance and monitoring of the data
Here are the steps that should be taken during the classification and categorization of data.
- Identify the custodian and define their responsibilities
- Specify the evaluation criteria for how the information will be classified and labeled
- Classify and label each resource
- Document any exceptions
- Select the security controls that will be applied to each category
- Specify how resources are declassified and how data is transferred to an external entity
- Create enterprise-wide awareness about the classification system
Common Data Classes and Categories
There are different types of data classification and categorization levels used in commercial organizations. We provide some commonly used levels in this part.
Confidential
This is the highest level of classification. Disclosure of this type of data will have a significant negative impact on the organization.
Private
This is the second-highest level of classification. Data of this type is generally personal data or data important to the organization.
Sensitive
Used for data that is more important than public data. Disclosure of data in this category will have little effect on the organization.
Public
Public data does not need confidentiality and should be known by the public.
Translated from: https://www.poftut.com/data-classification-and-categorization-with-benefits/