6PolicyA written statement from an authority declaring a course of action for the sake of expediency
7PolicyA written statement from an authority declaring a course of action for the sake of expediency.Example: Policy dictates that all employees will read and sign the AUP before receiving access to the computing system.
50Data Classification Challanges Perfection is the enemy of the good!If you insist on perfection, your system will be difficult to implement.Employees must be properly educated in order to classify data effectively.
51Data Classification Challenges Perfection is the enemy of the good!If too complex it will fail due to lack of useYou are better served by keeping your classification scheme simple (no more complex than is necessary)
52Data Classification Challenges Perfection is the enemy of the good!Development and implementation of a data classification scheme will require resources.If its complex, it will likely be expensive to implement
53Implementation TipsUnderstand what is achievable – any data classification policy must become less complex as more individuals become involved in implementing the policy.
54Implementation TipsThose who have something at stake should be involved in the data classification policy development.
55Implementation Tips Provide appropriate education and visibility. Any data classification scheme should be posted on the company/agency internal web- page.
56Implementation TipsAlign your data classification scheme with regulatory (compliance) requirements.
57Compliance LawsLegislation exists mandating security controls to protect private and confidential data.
58Example Compliance Legislation SOX (Sarbanes-Oxley, 2002)Requires security controls to protect the confidentiality and integrity of financial reporting.