Data Classification and Categorization More and More a Necessity

Data Classification and Categorization More and More a Necessity

For ISO 27001, data classification is a compulsory part. Guidelines for data sanitization, like NIST 800-88, and norms for data destruction, like ISO/IEC 21964, refer to categorization of information and information systems.

Large government and military organizations are familiar with the concept of data classification. In the past few years data classification has become a basic element in risk management for other public and private organizations. Data classification has shifted from being “nice” to have to becoming a necessity. That tendency has been accelerated by the GDPR for companies handling data from EU citizens. Now private companies and organizations are adopting and implementing data classification based on methods and schemas that worked well for the public sector.

But what is the difference between data classification and categorization? How is it defined in relation to sanitization through different standards? Why is the NIST insisting on categorization of systems as a starting point for the sanitization of media? And is ISO 21964 similar to NIST?

Read more in our PDF which you can download for free:

Icon
Data Classification and Categorization | 597 KB
Please login or register free to get access to our papers
Frank Lauterslager
Frank Lauterslager

More from it-responsible.com:

05/20/2021

Destructing Data Carriers – Not So Simple

Read more
05/20/2021

Guidelines for Media Sanitization: The Essentials of NIST 800 88r1

Read more
12/01/2020

To Degauss or not to Degauss?

Read more
12/01/2020

What is the Most Sustainable Data Sanitization Solution?

Read more
12/01/2020

How Secure is Data Erasure Software?

Read more
12/01/2020

Data Erasure Software Enveloped in Mist

Read more

Leave a comment: