Data classification 101 – Where to start


Data classification is a term that is not usually associated with the small business.  It tends to invoke thoughts of a lot of red tape and inconvenience that small businesses tend to avoid.  In reality, some essential elements of data classification can be put in place at a small business with much less cost and effort than you might think.

The first step is to know what you have.  Gather a cross-section of the company including persons from different departments and job roles.  Brainstorm about the types of data that the company has and create a list.  Next, group each of the data types into one of the following categories based on the data types sensitivity and availability.  Sensitivity is concerned with the impact disclosure of the data to unauthorized persons would have and availability is concerned with the impact of lack of access to the data.

  • High sensitivity, high availability
  • High sensitivity, low availability
  • Low sensitivity, high availability
  • Low sensitivity, low availability

Now that you have each data type in a category, label the categories and create a policy that outlines the data for each category and how it should be protected and then put together a plan to implement security controls that meet the requirements in the policy.

3 thoughts on “Data classification 101 – Where to start

  1. Excellent post. I was checking continuously this blogs and IÔÇÖm impressed! Very helpful information specially the remaining part 🙂 I care for such information much. I was looking for this particular info for a long time. Thanks for sharing.

  2. Great advice on data classification. This is something I have been wanting to do for a while now but it always seemed like way too much work.

Leave a Reply

Your email address will not be published. Required fields are marked *