Discussion: Sensitive Data Classification
Organizations need to know the value of their data to find the best way to protect it. The data must be categorized according to the organization's level of concern for confidentiality, integrity, and availability. The potential impact on assets and operations should be known in case data, systems, and/or networks are compromised (through unauthorized access, use, disclosure, disruption, modification, or destruction).
Choose an organization that you are familiar with from the Manufacturing, Retail, Health Care, Finance, or Education sectors to study throughout this course. You can use your own employer or another organization. I do encourage you to choose one that you have some experience with as there are differences between the different vertical markets.
Based on your chosen organization, ensure you:
• Discuss the organization's data. What types of data does it have? Is any of the data subject to regulatory security requirements (FERPA, HIPPA, GDPR, etc.) Is some of the data used or generated outside of the US?
• Discuss the organization's categorization of the data based on the Standards for Security Categorization of Federal Information and Information Systems.
Note: You will use information from this discussion in this week's assignment Encryption Methodologies to Protect an Organization's Data.
MUST USE Standards for Security Categorization of Federal Information and Information Systems!
The response should include a reference list. Double-space, using Times New Roman 12 pnt font, one-inch margins, and APA style of writing and citations.