I used to think of info classification as a useless over-simplification. Information has unique properties which couldn't be reflected by association to predefined classes.
Sure enough - having info represented by classes is a simplification. But these days I see merit in the practice.
Classification fosters dialogue about the sensitivity of info. A process owner might not know his security requirements but I can get him started by asking: where is integrity more important - for info type x or type y?
(some of) my events
- 2020-02-05--08 Folk och kultur (participating in convention, Eskilstuna)
- 2019-12-12 Datakommunikation och IT-säkerhet (guest lecturing, Högskolan i Gävle)
- 2019-10-08 Riskkollegiets seniora pris (co-hosting seminar in Gothenburg)
- 2019-09-16 Immersiva medier (participating in conference, Norrköping)
- 2019-08-22 RISKUT 2019 (co-hosting conference, Stockholm)
Subscribe to:
Post Comments (Atom)
last chance...
No comments:
Post a Comment