Data classification is the categorization of data for its most effective and efficient use.
Data can be classified according to any criteria. For example, data can be broken down according to its relative importance or frequency of use, topical content, file type, operating platform, average file size in megabytes or gigabytes, when it was created, when it was last accessed or modified, which person or department last accessed or modified it, and which personnel or departments use it the most. A well-planned data classification system makes essential data easy to find. This can be of particular importance in risk management, legal discovery , and compliance with government regulations.
Data classification best practices enable organisations to store their data in line with compliance controls, thereby reducing any risk to the business in the event of an audit or legal discovery. Thereby Information Classification and Management (ICM) offers advanced features such as file-path metadata parsing, in-file content visibility, context category classification, file-classification tagging and policy-based management, tracking and search. Advanced solutions targeted at ICM include the ability to find Social Security numbers, credit card numbers, source code or confidential information stored in unsecured locations. They also must be able to find data that resembles a name, company name, account number or litigation case name, or even a data-point value in a spreadsheet cell.
However, while evaluating data classification confidentiality, integrity, and availability (C-I-A) criteria can be also applied.
Confidentiality – The need to strictly limit access to data to protect the company and individuals from loss.
Integrity – Data must be accurate and users must be able to trust its accuracy.
Availability – Data must be accessible to authorized persons, entities, or devices.
To determine the level of protections applied to a system, the classification should be based on...