Educause Security Discussion mailing list archives
Data Classification
From: Tom Siu <thomas.siu () CASE EDU>
Date: Fri, 28 Jul 2006 15:56:22 -0400
Hello, With some background in Department of Defense R&D, I have taken a tangent AWAY from the use of classifications that are the same as US Government classifications in the higher education domain, to avoid any misunderstandings when research grant and funding processes may be involved. Therefore, I don't have the words "confidential, secret, top-secret, tippy-top-secret" etc. in my taxonomy. I've got Tier1, Tier2, and Tier3. Using a little guidance from NIST SP 800-60 (http://csrc.nist.gov/ publications/nistpubs/800-60/SP800-60V1-final.pdf), here is the matrix that helps define the categorization of data. Tier Category Confidentiality Integrity Availability ----- ------------ ------------------- ----------- --------------- 1 Unrestricted low moderate low 2 Univ Internal moderate moderate moderate 3 Restricted high moderate moderate The CIA impacts are institution specific, but the categories seem to be germane to many .edu workspace. Regards, Tom |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ||| Tom Siu Chief Information Security Officer Case thomas.siu () case edu www.case.edu/its |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| |||
Current thread:
- Data Classification Steve Brukbacher (Jul 26)
- <Possible follow-ups>
- Re: Data Classification James H Moore (Jul 26)
- Re: Data Classification Dick Jacobson (Jul 26)
- Re: Data Classification Christopher Misra (Jul 27)
- Re: Data Classification Krizi Trivisani (Jul 27)
- Re: Data Classification David C Smith (Jul 27)
- Data classification Theresa M Rowe (Jul 27)
- Data Classification Tom Siu (Jul 28)
- Re: Data Classification Waller, Michael A. (HSC) (Jul 28)
- Re: Data Classification Cam Beasley (Jul 28)
- Re: Data Classification Ced Bennett (Aug 02)
- Data classification Stewart, Ian (Sep 06)