Alert Logic Comments New UK Government Security Classifications
UK government has introduced a new, simpler security classification system for its data, Stephen Coty, chief security evangelist for Alert Logic, comments are as follows :
“Data Classification is something that every company should be practicing, not just the government. It is the act of placing data into categories that will determine the level of risk and dictate internal access controls, through technology and process, to protect the data.
After all, the goal of information security is to protect the confidentiality, integrity and availability of information assets and systems, so to do this properly, you must first complete a self assessment of the data you have that might need protecting. Then select a methodology for classification of your data. Then begin the process of classifying your systems and data to locations that require different levels of access. Then you must implement the technologies to secure that data and limit access to the personnel that require privileges to the various data sets. This is where the least privilege access model will be implemented and managed through various technologies.
Get these first stages right, and it will go a long way towards the security of your company and its intellectual property.”