classification fosters dialogue

I used to think of info classification as a useless over-simplification. Information has unique properties which couldn't be reflected by association to predefined classes.

Sure enough - having info represented by classes is a simplification. But these days I see merit in the practice.

Classification fosters dialogue about the sensitivity of info. A process owner might not know his security requirements but I can get him started by asking: where is integrity more important - for info type x or type y?

No comments: