Sunday, October 21, 2007

Managing and Classifying Documents in Information Security

It is often not easy to judge what documents(soft-copies or hard-copies)to safe-guard unless we have a system to determine the classification of documents:

We will first talk about classifying documents into their confidentiality categories then in the next post I shall talk about availability classifications followed by integrity classifications thereafter.So stay tuned and come back for more goodies on how information security can be managed by my system.

I have devised a system in classifying documents into :

1.) Class 0 ( public information)
2.) Class 1 (Internal information)
3.) Class 2 (Confidential information)
4.) Class 3 (Strictly confidential information)

Class 0 - no protection required can be circulated freely.
Class 1 - no protection required but can only be circulated freely in the company but not public. ( Examples: Company news-letter, Posters, marketing materials etc.)

Class 2 - needs to be encrypted if in soft-copies and locked in cupboards for hard copies can only be circulated to name users in the network defined.(Examples: Personal information like salary , bank account. Sales prices , customers information etc.)

Lastly we have Class 3 - needs to be encrypted if in soft-copies and locked in fire-proof safes for hard copies. Can only be circulated to an even smaller network but before circulating the originator of the information will need to grant permission for its circulations. (Examples: Patents , patients' files, bank transactions information, new product launch prices and information etc.)

Not to forget we also need to get rid of class 2 & class 3 information in a secured way video below shows you how :

Click Here for a good encryption software for files and folders !