\"Data Classification and Data Handling\" Please respond to the following: Asses

ID: 3670128 • Letter: #

Question

"Data Classification and Data Handling" Please respond to the following:

Assess the main policy elements governing data classification and data handling in organizations to ensure that data remain protected at rest and in transit. Describe the methods that organizations can implement to ensure that data remains protected at rest and in transit.

Determine which areas of the data life cycle are the most challenging to control and explain why (i.e., creation, access, use, transmission, storage, physical transport, and destruction).

Explanation / Answer

Classification of data based on how the data is sensitivity and their effect on disclosed, update and remove without permission. Hence data is classified as:

Type 1 Public: this data is non-sensitive available. So no need to controls are required to protect the confidentiality of Public data but some restriction may be applied is required to prevent unauthorized modification or destruction.

Example: Web Sites, Press Releases, etc

Type 2 Internal Use Only: this Data is moderately sensitive. So, Access to this data must be requested form. The Data Owner who is responsible for the data gives you the authorized access of data.

Examples of Internal Use Only information includes, Internal Web Sites, Internal phone lists, etc.

Type3 Restricted/ Confidential: this data is highly sensitive and may have personal privacy considerations, if it disclosed, poses a high risk and could violate the privacy of individuals, reduce the competitive advantage and cause significant damage of reputation.

Examples of Restricted Confidential data may be financial data, credit card numbers and individuals’ health information.

Data Handling :

Data handling

Type1(public)

Type 2(Internal)

Type 3(Restricted/ Confidential)

Physical Security

recommended for login/logout

Must be login/logout

Data Storage

Server secure recommended

Must be Server secure

Auditing

Not needed

Logins

Logins, authorize and update

Transmission

No restriction

No require

Encryption

Access Controls

Not required

Must be Authentication and authorization

Methods that organizations can implement to ensure that data remains protected at rest and in transit. :Data are at Rest is the data that inside persistent storage in structured and unstructured forms like databases. So need the data to classify as protection encrypted in storage. The use of encryption must be sensitive and value of the data). Access of these data must be authorize and authenticated basis. In addition a crypto system must be support to integrity.

On the other hand Transit Data to data may be transferred from one data to another. Data in transit must sent back-end servers and applications. Two information of the same corporate network follow by cloud. All sensitive data must be protected in transit for any transport medium like over the wire, air and other transport medium followed by unencrypted, secure network communication protocols. There are several options for controlling the distribution of encryption keys for protecting data in transit. Communications between VMs in the cloud may not be protected by CSP-provided encrypted pipes o and customer controlled encrypted pipes.

There are all areas of the data life cycle i.e creation, access, use, transmission, storage, physical transport, and destruction are challenging but According to me the use of data is the most challenging to control. A key of data life cycle is data use. It is very typical process to determine the limitations of data usage and what users will do. The user may be use or may be transmit or transport or may be destroy. It will be discuss in many security forums and research area. Whatever process u used you have to establish detailed handling, storage and destruction requirements to compose security into the data lifecycle. Hence the use of data is more challenging than other area of data life cycle.