Business info disclosure damaging to the organization: level of
confidentiality based on value of the info.
Personal info about employees & customers: legal concerns too.
physical media (tape, CDs, printouts) need physical security level labels
only authorized users utilizing authorized SW over authorized comm. should be allowed to utilize the info.
secure storage: filesystem security for online storage but encryption needed for removable or stolen media, or intruded system.
secure comm.: point-to-point network physically secured
VPN: user authenticated & encryption over Internet. extranet
secure disposal: multiple generations of data recoverable from media
(remnance)
object reuse: no previous data obtainable. write over several times
with different bit patterns
magnetic media: destroyed, degaussed
Confidentiality/sensitivity classifications:
company secret: restricted distribution. grave impact. protected at
all times.
company confidential: limited distribution. significant impact. kept
in secure area.
company proprietary: moderate impact. adequately protected outside
secure area.
internal use only: limited impact. soon to be public
private: not business activity-related. legally needs to be
confidential.
public