Categorization:
- Purpose: Determines the potential impact of loss or compromise of the Confidentiality, Integrity, and Availability (CIA) of information to an organization.
- Goal: Identifies the value of the data to the organization, demonstrates business commitment to security, and identifies which information is most sensitive and vital.
- Criteria:
  - Value: How important the data is to the organization.
  - Age: The relevance of the data over time.
  - Useful Life: How long the data remains useful.
  - Personal Association: The degree of personal information or privacy impact involved.
Levels of Classification:
Government/Military:
- Unclassified: Information that is not sensitive but can still be marked For Official Use Only (FOUO).
- Sensitive but Unclassified (SBU): Information that, while not classified, requires protection due to its sensitivity.
- Confidential: Information whose unauthorized disclosure could cause some damage to national security.
- Secret: Information that, if disclosed, could cause serious damage to national security. May include specific country restrictions (e.g., NZAUS SECRET for New Zealand, Australia, and the US).
- Top Secret: Information whose disclosure could cause grave damage to national security.
Private Sector:
- Public: Information that is accessible to the public or employees and does not require special handling.
- Company Confidential: Information that is restricted to internal employees and not for general public use.
- Company Restricted: Information limited to a subset of employees due to its sensitivity.
- Private: Includes highly sensitive personal information like Social Security Numbers (SSNs) and credit card details that could cause damage if disclosed.
- Confidential: Information that could cause exceptionally grave damage if exposed.
- Proprietary: Trade secrets and sensitive business information critical to competitive advantage.
- Sensitive: Internal business information that requires protection but is not as critical as proprietary or confidential data.
Mappings:
- Top Secret: Often corresponds to Confidential or Proprietary in private sector terms.
- Secret: Generally aligns with Private or Confidential in the private sector.
- Confidential: Similar to Sensitive in private sector terms.
These classifications help organizations manage and protect information according to its value and sensitivity, ensuring appropriate measures are in place to handle and secure data.