Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Advanced Classification of Information

No description
by

Vicente Aceituno

on 7 April 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Advanced Classification of Information

Advanced Classification of Information

by Vicente Aceituno
vaceituno@inovement.es

When information is efficiently Classified, management becomes easier, therefore information becomes easier to protect.
The number of categories is important. There should be as many categories as ways to protect information.
Let's check what are the most relevant criteria for classifying information.
Who can use it?
You can classify information depending on who can access it.

Example:
Public.
Customers.
Employees.
C-level executives.
Who is the owner?
You can classify information depending on who owns it.
Examples:
Intellectual Property of the organization.
Intellectual Propery of third parties.
Personal information of Customers.
Who controls it?
When you control information you can copy or delete it. Sometimes the owner of information does not control it. It is complicated to protect information you own but don't control.

Examples:
Third parties may control Intellectual Property of the organization.
Organizations often control Personal information of Customers.
The protection will be different if:
Users are accountable for the use of information or not.
Information is time sensitive.
Where is it located?
Depending on where the information is located it will be subject to different laws.

Example:
USA
Europe
When should it possible
to use it?
The window of usability, number and frequency of acceptable interruptions require specific design approaches.

Example:
24x7, 99.999% uptime.
8x5, 99% uptime.
How long is the lifetime?
Depending on the lifetime, specific protection against obsolescence might be necessary.

Example:
Three years.
Fifty years.
When does it expire?
Information that expires has to be deleted for good at the end lifetime.

Examples:
Does not expire.
24 hours.
Five years.
What are the compliance requirements?
Some types of information carry compliance requirements.

Examples:
Credit card.
Official secrets.
Personal information.
Conclusions
Classification simplifies management.
Secrecy is just one among multiple criteria for classification.
Lack of classification leads to poor protection design.
Vicente Aceituno
vaceituno@inovement.es
Full transcript