IT Security Strategy: Thinking Inside and Outside the Glass Box - IT Security Strategy: Grouping Your Data
Grouping Your Data
Creating a taxonomy is an important part of data governance. The following are some suggested classifications:
Document Type: Is it a project plan, a contract, a specification, an answer to a request for proposal, a price quote, a memo, etc.?
Document Format: .doc, .xls, .mp3, .mov, .pdf, etc.
Owner: If questions arise about a particular document type or its contents, the owner should be able to tell you everything there is to know about it.
Sensitivity: Is the data public, public within a limited scope (specific client information), internal only (confidential business strategy plans), internal within a limited scope (employee salary information or Social Security numbers), or does it contain other information that’s unique to an individual (such as passwords)?
Access Control: What users and groups should have access to this information?
Critical Level: Is the information business-critical, semi-critical or not at all critical? Could your business survive if the data were lost?
Access Frequency: How often will the people who need this information actually access it?
Retention Length: How long do you want to keep the data? How long do you have to keep it (federal mandates or legal liabilities)? How quickly should you get rid of information such as temporary files, information placed in a file-exchange location or e-mail?
Scott E. Christiansen is the chief security officer at Leo A Daly, an architectural and engineering firm in Omaha, Neb.