Educause Security Discussion mailing list archives
Minimum Control Sets for Data Classifications
From: Martin Manjak <mmanjak () ALBANY EDU>
Date: Thu, 23 Feb 2012 11:54:41 -0500
Those of you who have implemented a data or asset classification schema, do you also have minimum control sets (admin, physical, technical) that are tied to each category of data? For example, if the data handled is categorized as "highly sensitive," "confidential," or whatever label you've assigned to the data that presents the highest institutional risk, is there a minimum set of controls that have to be in place in the offices or business/academic units that routinely use this type of information? And if the answer is yes, would mind replying with a reference to those controls? Marty -- Martin Manjak CISSP, GIAC GSEC-G Information Security Officer University at Albany MSC 209 518/437-3813 The University at Albany will never ask you to reveal your password. Please ignore all such requests.
Current thread:
- Minimum Control Sets for Data Classifications Martin Manjak (Feb 23)
- Re: Minimum Control Sets for Data Classifications Everett, Alex D (Feb 23)