Security Program management

Asset/data classification

Objectives and Benefits

  • determine protection level (primary)
  • determines appropriate levels of information resource protection
  • identify data owners for data classification
  • business value including contribution to revenue
  • supports principles of security proportionality
  • identifies controls commensurate with impact
  • determines the priority and extent of risk mitigation efforts


  • data retention policies
  • methodologies based on exposure, in regard to data and the protection lifecycle
  • best method to classify data is impact assessment associated with compromise of data by the data owner
  • data protection strategies
  • user awareness of data classification schemas to reduce the cost of over protection and the risk of under protection of assets
  • classification is based on criticality and sensitivity
  • impacts of data breaches
  • potential financial losses

Greatest challenges

  • inaccurate valuation of information assets

Roles and responsibilities

Information owner: determine the classification of information across the information owner’s scope of responsibility


identify data owners is the first step in implementing data classification

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: