Information classification: practical guidelines

Some information security standards and best practices require organizations to have an information asset classification policy. ISO27002 [1] requires an information classification policy; NIST has even published a FIPS [2] on the topic; PCI-DSS [3] doesn't address it, as it focuses on credit card information, which is considered sensitive by default; and IT-Grundschutz [4] requires potential damage and […]

Information classification for dummies

Most companies serious about security have an information classification policy. Too often, this policy has been drafted based on common practice and neither brings added value to the business nor fits the business reality. In fact, too often, security people don't even understand the real purpose of classifying information […]
