PO2.3 Data Classification Scheme
Establish an enterprise-wide data classification scheme based on both business criticality and sensitivity requirements. Use this scheme as the basis for applying data-specific controls, such as encryption, access control, archive, and high availability.
Illustrative Controls and the TIBCO LogLogic Solution
An appropriate data classification scheme serves as the basis for applying, monitoring, and managing data-related IT security controls. The classification scheme provides the means for controlling data access, ensuring availability of critical data, and maintaining an audit trail for sensitive or critical data access.
To satisfy this objective, the organization must architect a classification scheme that accounts for all enterprise data. The scheme will take into account characteristics and issues such as sensitivity, criticality, and encryption and availability requirements. Implementing data access logging and monitoring helps ensure that the scheme is being applied in a suitable fashion and that data is being accessed by appropriate parties.