Document Classification

/ Cyber Blog / By

The theme for this month focuses on Document Classification. Before we classify, we first need to identify
what needs to be classified. To do this, let us understand some terms and ask some pertinent questions.

Information asset classification
Information asset classification is a process that requires business decisions and participation by all
employees in the department. An information classification is an important step in building and securing our
organisation/department and more importantly its Information Assets.

What is an information asset?
An information asset is a piece of information, stored in any media format that is processed and used by
business and recognised as ‘valuable’ to the organisation. The term often used is, “crown jewels” and refers
to an organization’s most prized and valuable assets.

Information Assets include paper documents / electronic files / voice recordings and media footage.

Why is classification important for Information Security?

  1. Ensure assets are identified
  2. Properly classified and,
  3. Protected throughout their information lifecycles

For example, if we do not classify information correctly, we may find employees recycling confidential
information and shredding restricted documents.

Information asset classification principles

Classification: Information must be categorised into levels of sensitivity and protected in accordance
with appropriate requirements as part of the risk management process.

Confidentiality: Confidentiality is the characteristic of information being disclosed and accessed only to
authorised entities (users & systems), processed at authorised times and in an
authorised manner.

Integrity: Integrity is the characteristic of information being accurate and complete therefore integrity of information indicates it is timely, accurate, complete and consistent.

Availability: Availability is the characteristic of information and supporting information systems being accessible and usable on a timely basis in the required manner. (Simply put, availability ensures timely and reliable access).