What is Data Classification?
Data Classification is a process that is used to optimize data security and data protection programs, procedures, and processes. Data needs to be classified based on its sensitivity type and the level of impact to the organization if that data is destroyed, changed, or disclosed.
Build a data classification structure that empowers users to detect, classify, and protect sensitive data.
This structure should include elements such as:
- Data Classification Schema to determine the tiers and/or levels of protection needed
- Data Classification Labeling to make it easy for both users and security tools, such as data loss prevention, to determine the associated tier
- Data Classification Policies to define responsibilities and governance requirements
The table below helps determine data classifications based on potential impacts to the organization, as recommended by the National Institute of Standards and Technology (NIST) [1].
| Security Objective | Potential Impact: LOW | Potential Impact: MODERATE | Potential Impact: HIGH |
|---|---|---|---|
| Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. [44 U.S.C., SEC. 3542] | The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Integrity: Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. [44 U.S.C., SEC. 3542] | The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Availability: Ensuring timely and reliable access to and use of information. [44 U.S.C., SEC. 3542] | The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
[1] http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
Data Classification Risk Factors
Determining the value of data will help with the classification levels. The main risk factors are:
- Strategic Risks
- Reputation Risks
- Compliance Risks
Ways to classify data (automatic and/or user-based):
- Context-based
- Content-based
- User-based
Data Detection Techniques
What is Data Discovery?
Data Discovery is a process in which a system reads files or database tables from a target, identifies sensitive data, and reports the location of such a file. More advanced systems are able to perform remedial actions on such files.
Remedial actions may include:
- Automatic classification
- Copy the data to another location
- Move the data to another location
- Delete the data
- Encrypt the data
- Enforce EDRM credentials on the files
Of course, the system must detect the data with a very high degree of accuracy; otherwise, a business process will break.
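The discovery loop described above, as an added example that is not GTB's code: it reads files under a target directory, validates candidate payment card numbers with a Luhn checksum so that look-alike digit runs do not trigger a remedial action, and reports file, line and a label. The card-number detector, the function names, the sample files and the HIGH/LOW mapping are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

# Candidate: 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that merely look like card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_text(text):
    """Return (line_number, masked_value) for each validated match."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                # Mask the value so the report itself holds no sensitive data.
                hits.append((line_no, "*" * (len(digits) - 4) + digits[-4:]))
    return hits

def discover(root):
    """Scan every file under root; the label mapping is an assumed policy."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            hits = scan_text(path.read_text(errors="ignore"))
            label = "HIGH" if hits else "LOW"
            report[path.relative_to(root).as_posix()] = {"label": label, "hits": hits}
    return report

def build_sample(root):
    """Constructed sample files (a well-known test card number, not real data)."""
    root = Path(root)
    (root / "hr").mkdir()
    (root / "hr" / "expenses.txt").write_text("Trip to Boston\ncard 4111 1111 1111 1111\n")
    (root / "orders.log").write_text("order id 1234567890123456 shipped\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, entry in discover(tmp).items():
            print(name, entry)
```

The 16-digit order id in `orders.log` matches the pattern but fails the checksum, so the file is not labelled HIGH; without that validation step, an automated move, delete or encrypt action would fire on ordinary business records.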
Data Misclassification
GTB’s Data Misclassifier™ easily detects mislabeled or unmarked files and emails, corrects them, and applies the appropriate data protection policy.
Visibility: Accurately discover sensitive data; detect and address broken business processes or insider threats, including sensitive data breach attempts.
Protection: Automate data protection, breach prevention, and incident response both on and off the network; for example, find and quarantine sensitive data within files exposed on user workstations, file shares, and cloud storage.
Notification: Alert users to violations to raise awareness and educate them about cybersecurity and corporate policies.
Education: Start targeted cyber-security training; e.g., identify end-users violating policies and train them.
- Employees and organizations have knowledge and control of the information leaving the organization, where it is being sent, and where it is being preserved.
- Ability to allow user classification to give them influence in how the data they produce is controlled, which increases protection and end-user adoption.
- Control your data across your entire domain in one Central Management Dashboard with Universal policies.
- Many levels of control together with the ability to warn end-users of possibly non-compliant or risky activities, protecting against malicious insiders and human error.
- Full data discovery collection detects sensitive data anywhere it is stored, and provides strong classification, watermarking, and other controls.
- Delivers full technical controls on who can copy what data, to what devices, what can be printed, and/or watermarked.
- Integrate with GRC workflows.
- Reduce the risk of fines and non-compliance.
- Protect intellectual property and corporate assets.
- Ensure compliance within industry, regulatory, and corporate policy.
- Ability to enforce boundaries and control what types of sensitive information can flow where.
- Control data flow to third parties and between business units.