cyber security


Response, disagree, 100 word min.

Data Classification (CAT)

Data classification is an integral part of an organization’s cybersecurity policy. Data classification is broadly defined as part of the information life cycle and a process used to organize data by relevant categories to ensure access, safeguard, and protection of sensitive or critical data within an organization (De Groot, 2019). Ensuring that the system that stores, processes, and transmits the data has equal or greater security controls should also be part of an organization’s data classification policy. “A fundamental decision an organization must make is the amount of control it will give system and data owners along with specifying the level of access users of that data will have” (Tipton, 2009, pg. 116). “The U.S. Government uses a three-tier classification scheme that is based on the potential impact to national security if the information is disclosed” (AWS, Data Classification, 2018, pg. 2). The U.S. Government data classification categories are Confidential, Secret, and Top Secret. Top Secret is the highest level of classification and requires a need-to-know policy. Commercial organizations generally implement a data access model that is derived from the general access frameworks:

1. Discretionary access control: Access to the data is controlled by the data owner. The data owner determines who has access to the data and with what privileges (Tipton, 2009).

2. Mandatory access control: Access to the data is determined by the system and the organization’s policy. Access to the system is determined by the user’s level of security clearance or trustworthiness.

3. Nondiscretionary access control: Access to the data is controlled by the administrator of the system. Access to the data is determined by rules created by the system administrator that define which files specific users or groups will have access to.
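The three frameworks above can give different answers to the same request. The following is an added example, not part of the original post: the class names, function names, users, file name and rules are all constructed for illustration, and the mandatory check is simplified to a clearance comparison plus need to know for Top Secret.

```python
from dataclasses import dataclass, field

# Classification tiers named in the text, lowest to highest.
LEVELS = {"Confidential": 1, "Secret": 2, "Top Secret": 3}

@dataclass
class Resource:
    name: str
    owner: str
    level: str                                        # label checked by MAC
    acl: dict = field(default_factory=dict)           # owner-granted privileges (DAC)
    need_to_know: set = field(default_factory=set)    # consulted for Top Secret only

@dataclass
class User:
    name: str
    clearance: str
    groups: set = field(default_factory=set)

def dac_allows(user, res, priv):
    """Discretionary: the data owner decides who gets which privileges."""
    return user.name == res.owner or priv in res.acl.get(user.name, set())

def mac_allows(user, res, priv):
    """Mandatory: the system compares clearance to the label, whatever the privilege."""
    if LEVELS[user.clearance] < LEVELS[res.level]:
        return False
    return res.level != "Top Secret" or user.name in res.need_to_know

def ndac_allows(user, res, priv, rules):
    """Nondiscretionary: administrator rules of (user or group, file, privileges)."""
    subjects = {user.name} | user.groups
    return any(s in subjects and f == res.name and priv in p for s, f, p in rules)

def evaluate(user, res, priv, rules):
    return {"DAC": dac_allows(user, res, priv),
            "MAC": mac_allows(user, res, priv),
            "NDAC": ndac_allows(user, res, priv, rules)}

# Constructed sample data: the owner shared a Secret file with a Confidential-cleared user.
DOC = Resource("merger-plan.docx", "alice", "Secret", acl={"bob": {"read"}})
BOB = User("bob", "Confidential", {"finance"})
CAROL = User("carol", "Top Secret", {"hr"})
RULES = [("finance", "merger-plan.docx", {"read"})]

if __name__ == "__main__":
    for u in (BOB, CAROL):
        print(u.name, evaluate(u, DOC, "read", RULES))
```

In this constructed case the owner's grant and the administrator's group rule both let the Confidential-cleared user read a Secret file, and only the mandatory check blocks it.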

Of the three access control frameworks, which one is the best to implement within an organization? Why or why not?

 

References:

Amazon Web Services, Inc. (2018). Data Classification: Secure Cloud Adoption, June 2018. Retrieved from https://d1.awsstatic.com/whitepapers/compliance/AWS_Data_Classification.pdf

De Groot, J. (2019). What is Data Classification? A Data Classification Definition. Digital Guardian, July 2015 (2019). Retrieved from https://digitalguardian.com/blog/what-data-classification-data-classification-definition

Tipton, H. (2009). Official (ISC)2 Guide to the CISSP CBK Second Edition, Boca Raton, FL 33487.