Security Policies - Classifying Assets
From: Justin McCullough (justin@i-stat.com)
Date: 01/24/03
- Next message: Jeremiah DeWitt Weiner: "Re: telnet replacement - not ssh?"
- Previous message: DaveK: "Re: Netstat weirdness"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: justin@i-stat.com (Justin McCullough) Date: 24 Jan 2003 10:58:35 -0800
I am in the process of implementing a security program, and have
identified all of my company's information assets. The next step I
would like to take is classifying said assets. I am not quite sure
how to tackle this.
I want to classify assets to associate a set of handling and
protection controls for each group. My questions are as follows:
1) If assets are classified according to their confidentiality, as
they typically are, and those that are more confidential receive more
strict contols, how does this address information that is extremely
critical, but not confidential?
2) How does one tackle labelling of data? Does every piece of
information need an electronic label?
Any help on this topic is greatly appreciated...
- Next message: Jeremiah DeWitt Weiner: "Re: telnet replacement - not ssh?"
- Previous message: DaveK: "Re: Netstat weirdness"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
