Quick Thought: Information Classification Like Creative Commons
[Stealing the CC Ease of Use Icons for Info Classification]
When something is complicated then it usually is quite wrong. I learnt this lesson with Firewall Rules. Usually when something was twisted around and not easy to understand it was because the Firewall was being used for a purpose it was not designed for.
Information Classification is usually pretty easy to understand. It is logical. There is stuff you want the public to know about, stuff you don't mind them knowing about, stuff that you don't quite want them to know about and stuff they most certainly shouldn't know about.
There is also stuff that can't be shared outside of the company without breaking the law or some "governance" and stuff that can't be shared overseas.
Finally, there is stuff that shouldn't be shared outside of a department such as "strategy stuff" or "HR stuff".
What you call these is just semantics and what you do to keep these where they should be is where the fun comes in.
Information Security is accused of being overly complex and it really shouldn't be. Much like copyright is (generally) complex. So, the good people of the Creative Commons worked out just how to separate the tricky-to-understand bits from the easy-to-understand stuff and get people using CC without having to read law at Harvard or some such. You choose the pretty pictures that show you what you want and voila.
So, can we do the same with Information Classification?