An important metadata item that should be attached to all our information is a classification level. This classification tag, which remains attached (and perhaps updated) throughout the life cycle of the information, is important in determining the protective controls we apply to the information.
Information can be classified by sensitivity, criticality, or both. Either way, the classification aims to quantify how much loss an organization would likely suffer if the information was lost.
The sensitivity of information is commensurate with the losses to an organization if that information was revealed to unauthorized individuals.
The criticality of information, on the other hand, is an indicator of how the loss of the information would impact the fundamental business processes of the organization.
The primary purpose of data classification is to indicate the level of confidentiality, integrity, and availability protection that is required for each type of data set.
Each classification should have separate handling requirements and procedures pertaining to how that data is accessed, used, and destroyed.
For the rest of the content, see my WeChat official account debugeeker; the link is CISSP Exam Guide Notes: 2.2 Information Classification