Data Classification Detection Techniques
What is Data Classification?
Data Classification is a process which is used to optimize data security and data protection programs, procedures and processes. Data needs to be classified based on its sensitivity type and the level of impact to the organization if that data is destroyed, changed or disclosed.
Build a data classification structure that empowers users to detect, classify and protect sensitive data
This structure should include elements such as:
- Data Classification Schema to determine the tiers and or levels of protection needed
- Data Classification Labeling to make it easy to determine the associated tier by both user and security tools such as Data loss prevention
- Data Classification Policies to define responsibilities and governance requirements
The below table is to help determine data classifications based on potential impacts to the organization as recommended by the National Institute of Standards and Technology [1]
| POTENTIAL IMPACT | |||
| Security Objective | LOW | MODERATE | HIGH |
| Confidentiality Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.[44 U.S.C., SEC. 3542] |
The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized disclosure of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Integrity Guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity.[44 U.S.C., SEC. 3542] |
The unauthorized modification or destruction of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The unauthorized modification or destruction of information could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
| Availability Ensuring timely and reliable access to and use of information.[44 U.S.C., SEC. 3542] |
The disruption of access to or use of information or an information system could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. | The disruption of access to or use of information or an information system could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals. |
[1] http://csrc.nist.gov/publications/fips/fips199/FIPS-PUB-199-final.pdf
Data Classification Risk Factors
Determining the value of data will help with the classification levels. The main risk factors are
- Strategic Risks
- Reputation Risks
- Compliance Risks
Ways to Classify Data; automatic and / or user-based
- Context based
- Content based
- User based
Data Detection Techniques
What is Data Discovery?
Data Discovery is a process in which a system reads files or database tables from a target, identifies sensitive data and reports the location of such file. More advanced systems are able to perform remedial actions on such files.
Remedial actions may include:
- Automatic classification
- Copy the data to another location
- Move the data to another location
- Delete the data
- Encrypt the data
- Enforce EDRM credentials on the files
Of course the system must detect the data with a very high degree of accuracy; otherwise a business process will break.
