Business info disclosure damaging to the organization: level of
confidentiality based on value of the info.
Personal info about employees & customers: legal concerns too.
physical media (tape, CDs, printouts) need physical security level labels
only authorized users utilizing authorized SW over authorized comm. should be allowed to utilize the info.
secure storage: filesystem security for online storage but encryption needed for removable or stolen media, or intruded system.
secure comm.: point-to-point network physically secured
VPN: user authenticated & encryption over Internet. extranet
secure disposal: multiple generations of data recoverable from media
object reuse: no previous data obtainable. write over several times with different bit patterns
magnetic media: destroyed, degaussed
company secret: restricted distribution. grave impact. protected at all times.
company confidential: limited distribution. significant impact. kept in secure area.
company proprietary: moderate impact. adequately protected outside secure area.
internal use only: limited impact. soon to be public
private: not business activity-related. legally needs to be confidential.