Information security begins with classifying an organization’s data to identify which data requires protection. The overall process includes the following steps:
- Identify and classify sensitive data assets: Depending on the industry and organization, there can be few or many assets, and a range of sensitive data (including personal identification, medical, financial, and more).
- Locate sensitive data throughout the enterprise: Security requirements may differ depending on where data is stored. A significant amount of sensitive data in a single location poses a high risk due to the damage possible from a single breach.
- Determine how each asset needs to be protected: The measures necessary to ensure security can vary between assets, depending on data content and the type of technology.
- Identify how this information interacts with business processes: Analysis of business processes is required to determine what access is allowed and under what conditions.