Data Classification
Video Activity

Time
12 hours 57 minutes
Difficulty
Intermediate
CEU/CPE
13
Video Transcription
00:00
>> Now we're going to talk about the process
00:00
of data classification.
00:00
In this lesson, we're going to go over
00:00
the common ways data are classified,
00:00
the importance of data mapping for
00:00
a successful data classification,
00:00
and then explain most of the approaches to data.
00:00
Data classification.
00:00
There are a lot of different ways
00:00
that data can be classified,
00:00
but there are also
00:00
important caveats to each of these approaches.
00:00
Criticality, remember when we did
00:00
that business impact analysis to understand what
00:00
the most crucial assets are to
00:00
the organization's business case
00:00
for utilizing Cloud services.
00:00
We identified those critical pieces
00:00
of architecture or applications,
00:00
utilizing that we can then infer that the data within
00:00
those critical assets is
00:00
the most important data for our organization
00:00
and should be categorized as such.
00:00
Now the categories for data classification can vary.
00:00
I mean, at a very low level,
00:00
there's categorizing data based on functionality.
00:00
This is finance data or this is marketing
00:00
data or this is
00:00
data that's relevant to a specific project.
00:00
But it's very important also to consider what
00:00
data within your environment is regulated.
00:00
What data, and we're going to go into
00:00
more specific data types and what is
00:00
regulated and what is not
00:00
depending on the government scheme.
00:00
However, knowing where that regulated data is stored,
00:00
what applications are processing it really dictates
00:00
how the proper security protection should be implied.
00:00
One of the other aspects
00:00
that we usually consider in the Cloud.
00:00
Remember, the Cloud servers are
00:00
in different geographic regions.
00:00
That means that that data
00:00
is in different legal jurisdictions.
00:00
Different countries have different laws
00:00
when it comes to the protection and
00:00
security requirements regarding data,
00:00
as well as the legal process
00:00
for securing and maintaining data as evidence.
00:00
Knowing and labeling data based on
00:00
jurisdiction is a common practice to ensure
00:00
your organization understands the risks that are
00:00
applied and the requirements
00:00
that are associated with the data.
00:00
How is it in different geographically dispersed areas?
00:00
Now one of the other important aspects
00:00
of data classification is data mapping,
00:00
and we alluded to it when we talked
00:00
about that business impact analysis.
00:00
But unless at a high level,
00:00
you know where all your assets are and where
00:00
data is going to flow within
00:00
your application or your Cloud environment,
00:00
it's going to be very difficult to have
00:00
an effective data classification scheme.
00:00
So before you can really effectively classify data,
00:00
you have to do effective data mapping.
00:00
Where's the data going?
00:00
Where is it being processed?
00:00
How is it being created?
00:00
Where is it being stored?
00:00
Identify all those assets ahead of
00:00
time and know where the data is,
00:00
what types of data are
00:00
flowing through your environment in order to
00:00
effectively begin classifying it based on
00:00
criticality or based on a data classification scheme.
00:00
There are two common ones
00:00
that people are often familiar with.
00:00
There's the public sector and the private sector.
00:00
I'm sure many people often are aware of some
00:00
of the public sector classification schemes.
00:00
We're like, "You can't have
00:00
that information. It's classified."
00:00
Well, classification is actually one of
00:00
the lower level classification scheme
00:00
in the public sector,
00:00
often used in the military,
00:00
the highest level, top-secret,
00:00
followed by secret,
00:00
followed by classified, followed by unclassified.
00:00
This is very common in government organizations.
00:00
You have to have a particular clearance
00:00
and need to have access to
00:00
information at various
00:00
data classification sensitivity levels.
00:00
In the private sector,
00:00
the labeling scheme that's commonly used is
00:00
confidential as the highest level of data sensitivity,
00:00
followed by private, then sensitive,
00:00
then publicly available information.
00:00
Although there's no military secrets
00:00
at stake in the private sector,
00:00
it is still incredibly important to understand
00:00
what information is confidential and private,
00:00
especially with publicly traded companies.
00:00
There could be legal and even
00:00
jail consequences for people that violate
00:00
some of the data protection classification rules
00:00
regarding certain types of privileged information.
00:00
Even if your company isn't publicly traded,
00:00
having sensitive data get out, and well,
00:00
in this case, confidential data get out could
00:00
provide a competitive advantage to your competitor.
00:00
So creating effective data classification
00:00
in those areas is essential to
00:00
ensuring your company stays
00:00
safe and maintains its competitive advantage.
00:00
Quiz question. What is
00:00
the highest data sensitivity level in
00:00
the private sector data classification scheme?
00:00
Is it top-secret, confidential, or proprietary?
00:00
If you said confidential, you'd be correct.
00:00
Top-secret, we know that's
00:00
the highest level for the public sector.
00:00
Proprietary actually isn't
00:00
even a classification level that's used in
00:00
the private data classification scheme,
00:00
but it sounds a lot like it.
00:00
Confidential. That's the highest level
00:00
when it comes to the private classification scheme.
00:00
In this lesson, we talked about the importance
00:00
of classifying data.
00:00
We talked about the common data classification schemes
00:00
between public and private.
00:00
We talked about the different types of
00:00
data categories that need to be labeled and classified,
00:00
and we also talked about the crucial first step
00:00
that without effective data mapping,
00:00
you really can't be set up
00:00
to effectively manage data securely.
00:00
You'll open yourself to many different risks.
00:00
I'll see you in the next lesson.