One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 3541311 |
| Date de publication | 2021-10-21 15:57:00 (vue: 2021-10-21 03:05:20) |
| Titre | Topic-specific policy 9/11: information classification and handling |
| Texte | I'll admit up-front that I have very mixed feelings about the utility and value of classification as a form of control, at least in the civilian/commercial world outside of the government and defence realm anyway.On the one hand, it is (or rather it should be, thanks to the policies, procedures, guidelines, training and awareness materials and activities) reasonably obvious how to handle correctly classified and labelled hardcopy documents. Computer data - not so much, unless you are using mil-spec classified systems and networks with all manner of mandatory hard-coded built-in bullet-proof controls. Do your corporate information security controls include automatic rifles and attitude? Are you at the very top of your game?On the other hand, even in mil/govt circles, classification and labelling can be tricky and consistency is always an issue. Each level or category of classification covers a range, a spectrum of information risks. Individual items of information falling at any point within the range are likely to be classified, labelled and handled in much the same way - which may not be appropriate in every case. What to do with unlabelled and/or unclassified or misclassified information is another concern, along with classification reviews, as well as the tendency to over-classification which impacts the availability of information for legitimate purposes. Finally, anything marked "TOP SECRET" in big red capitals is surely a magnet for spies, spooks, opportunist thieves, hackers, crackers, journalists, nosy/disaffected workers, fraudsters, criminals ... and even auditors on the prowl. It might as well say "READ ME!". So, although we offer a classification policy template, I'm reluctant to recommend classification as a general approach unless it is mandated for your organisation ... in which case your class/category definitions, processes and handling rules are probably already specified by whoever mandated it (perhaps in law), so you would need to check/update the template accordingly. In summary, the template is here, a basic classification policy starter for just $20. It's not one of the topic-specific policy examples I personally would have selected for the standard, though, and I have serious reservations about the corresponding controls in section 5. To me, it's an outdated, unhelpful and largely irrelevant approach - except perhaps for the |
| Envoyé | Oui |
| Condensat | $20 a do it so 9/11: about accordingly activities admit all along already although always and/or another any anything anyway approach appropriate are attitude auditors automatic availability awareness basic big built bullet can capitals case category check/update circles civilian/commercial class/category classification classified coded computer concern consistency control controls corporate correctly corresponding covers crackers criminals data defence definitions documents each entirely even every examples except falling feelings finally form fraudsters front game general government guidelines hackers hand handle handled handling hard hardcopy have how impacts include individual information irrelevant is here issue it should items journalists just labelled labelling largely law least legitimate level likely magnet mandated mandatory manner marked materials may might mil mil/govt military misclassified mixed much need networks nosy/disaffected not obvious offer one opportunist organisation other outdated outside over perhaps personally point policies policy probably procedures processes proof prowl purposes range rather read realm reasonably recommend red reluctant reservations reviews rifles risks rules same say secret section security selected serious spec specific specified spectrum spies spooks standard starter summary sure surely systems template tendency thanks thieves though top topic training tricky unclassified unhelpful unlabelled unless using utility value very way well what which whoever within workers world would your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.