I used to think of info classification as a useless over-simplification. Information has unique properties which couldn't be reflected by association to predefined classes.
Sure enough - having info represented by classes is a simplification. But these days I see merit in the practice.
Classification fosters dialogue about the sensitivity of info. A process owner might not know his security requirements but I can get him started by asking: where is integrity more important - for info type x or type y?
(some of) my events
- 2023-11-16 Psychological perspectives on understanding human decision-making in situations involving risk and uncertainty (attending symposium, Stockholm)
- 2023-08-23--24 Riskbaserat arbetssätt (teaching course, Stockholm)
- 2023-05-30 Informationssäkerhet och risk (pod interview in Swedish)
- 2023-05-11 Certifierad IT-arkitekt (guest lecturing, Stockholm)
- 2022-12-05 Datavetenskapliga programmet (guest lecturing, University of Gävle)
Subscribe to:
Post Comments (Atom)
20230802
No comments:
Post a Comment