That's a good question that we see often when talking to potential clients for janusNET's janusSEAL range of products. UK Government agencies use the new (from April, 2014) schema;
Private sector is more likely to use something like;
SECRET or RESTRICTED
Then sometimes there will be secondary classifications, as with the OFFICIAL-SENSITVE of the UK Gov schema. We would recommend keeping the number of classifications to 3/4 max because as you say it won't get used correctly if it's difficult to choose.
Sometimes organisations may use sub classifications to help with routing data to an archive or encryption service, for example;
COMPANY CONFIDENTIAL - ARCHIVE
COMPANY CONFIDENTIAL - ENCRYPT
Your network IT systems/gateways can route/process as needed, firewalls can block content that should not leave the organisation etc.
I would start by asking the business owners/directors how they view their data as a first step, suggesting something like the three levels above. Work from that but remember to keep it simple otherwise staff will ignore it if classifcation is optional, or incorrectly classify when it's mandatory.
Back to article list