Information Security - Classification and Protection

It is critical for any business to install an information security classification and categorisation process, once installed, the business data can then be protected.

 

We often see and treat the business information we hold as a product of our most important assets and protecting it must be one of any businesses top priorities.  Data loss or theft is a significant blow to any company’s reputation and it may lead to legal troubles and potentially even the collapse of a business. Understanding how information is stored and shared in your organisation is integral protection to that value during its lifecycle.

We call this the Information Lifecycle.

 

Understanding your information security needs

As organisations mature with their information practices, classification of information becomes a key strategy towards protection and goverance. With classification other technologies such as DLP can be tuned to protect the information based upon its classification. Guardian technologies has partnered with Boldon James who are the leaders in classification technology.

To appropriately tag information it needs to be firstly categorised e.g.: finance, PII, strategic, etc and then classified by it importance e.g.: public, internal, confidential, etc.  Tagging of information must be done without changing the date on the file upon which archiving programs rely.

Classification must be like a parcel, a parcel has human readable data and machine readable data, information assets should have the same tagging. Classification needs to be as inconspicuous as possible to the end-user and should not be an onerous procedure. However, data classification can be introduced either by users classifying their created information, automated by the technology or suggested, all of these factors must be considered when writing a data classification strategy.

At Guardian Technologies our approach to information classification would be to:

  • Organisation Alignment and Readiness: bring all the areas of the business together to agree, support and sponsor the initiative.
  • Analysis and Design: conduct a workshop to map the information processes, discover a representative set of information and prepare rules and policies to meet the organisational requirements
  • Configure and Test: set the rules on the sample information and test, adjust rules and policies to address any anomalies then build an end-user awareness programme.
  • Deploy and Maintain: Increase the scope of information classification and monitor results to support a governance strategy.

 

Why use Guardian Technologies?

There are plenty of data classification providers out there but at Guardian Technologies, we use our expertise to analyse your requirements then ensure that you have the security management system in place for your business needs.  We like to do business with like-minded organisations who see the need to enhance their data classification provisions but may not have the experience to do so in-house or are growing at such a rate that the in-house IT team need some additional support.

If you are an organisation with 100 users or more and have concerns about your data classification, then we have the experience to help you ensure you have the right provision in place.

What to do next?

If you are concerned about your business information security contact us to arrange your FREE 60-minute consultation