Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: data classification

Classy Data (pt. 3) – Ownership and Risk

– Security professionals proudly describe how they assign owners to their organizations’ data and those owners “assume the risk of any compromise of the data.” Give me a break! The owner is invariably some business-unit manager who just wants to get the job done. The manager will agree to…

Classy Data (pt. 2) – Context and Handling

– The category of a particular data item may have been carefully arrived at and cast in concrete, as it were. But data do not live in unchanging isolation, nor are they always used for the same purpose or in the same manner. …

Classy Data (pt. 1) – Categorization

– How many times have you heard the following? “First classify the data into internal, confidential, secret, etc. This determines how the data should be handled. Then assign a data owner who must approve who has access to the data and what they can do with them. Oh, and by the way, the data owner…

How Deep in DLP Are You?

– While every security tool a vendor advertises to or demonstrates for you is purportedly the silver bullet that saves your organization from drowning in a virtual sea of hackers, rogues and spies, data-leakage protection – or prevention (DLP) is one for which many electrons have been slain to…

RBAC For More

– Organizations that face significant regulatory scrutiny — or have large numbers of disparate systems containing highly sensitive data — are most likely to have, or at least to need, Roles-Based Access Controls (RBAC). These organizations are usually trying to accomplish two ends by…