Data classification is defined as categorizing data to make it the most efficient and effective way possible. In basic approaches to classifying data one can classify data according to its critical value, how often it needs to be accessed, etc. One example of this is by breaking down data in to multiple uses. Technical data is usually critical and often used, so storing that kind of data you would want to put it on a fast access media, as opposed to administrative or legal data could be stored on media that would not require fast access speeds. If an Engineer for a company can classify data correctly, and accurately, essential data is easier to find thus making its access faster.
To successfully implement a data security program, a few things have to be considered and researched. In order to start in the right direction, you would need to perform a ...view middle of the document...
You would have to break into a group, for example, “System Access”. You would create rules to defend system access by a number of ways. One being password creation, you would create a rule that would define what a strong password would be. Another might involve a policy that excludes Removable media, such as flash drives, Cd’s etc. from being attached to the company’s network. Maybe you would implement Encryption on company critical files. All of these would help combat the ever-changing threats a company would have. Insiders definitely have an increased risk over outside risk. Insiders are already in your network, even if security policies are in place and access control is tight, your network is still at risk no matter what from inside sources. Four categories are what define this.
Pure insiders could be one of the most dangerous because of their access levels. They will have security clearance, a logon to the network; some might even have privileged access to root system files. In any case, the people that could do the most damage are the tech savvy. An insider affiliate would be someone that knows the insiders information such as usernames, passwords, or even have a security device such as a card key. These are dangerous to spot because the possess the proper credentials to walk around a company unescorted, thanks to the insider. Insider associate is another problem. The insider associate is similar to an affiliate, but doesn’t really know someone in the company. This person could be a consultant, contractor, cleaning staff. These people have access, but limited to a physical nature, not a logical nature. They are able to roam the building, but not have access to the network. Another problem would be the outside affiliate. These affiliates are the ones that sit outside and try to hack your wireless access points, pretending to be lost roaming the halls of your company looking for passwords on desks, etc. Though the most obvious, sometimes that is the main problem companies face.