Data classification
Data classification is a process where enterprise data is identified across the enterprise and it is given a classification that requires specific handling methods when interacting with the classified data. It is important that during the classification exercise data owners are assigned, enterprise criticality scored, and supporting processes developed to ensure confidentiality, availability, and integrity. The ultimate goal of the data classification exercise is to discover all enterprise data and protect or destroy it based on its importance and impact potential. Impact potential is of importance when considering the impact of enterprise data compromise, loss, and legal limits for data retention.
Identifying enterprise data
A common perception is that all enterprise data is both stored in a database or network system and the presence of such data stores is known. The reality is with the changes to the network edge presented in Chapter 1, Enterprise Security Overview and...
