DSP-04: Is data classified according to type and sensitivity levels?
Implement data classification by defining organizational data categories, such as public data, confidential data, etc. Automated tools to label files, per their sensitivity levels, may be used. Appropriate security measures/protection should be implemented, per its categorization.
Use data classification, tagging, or metadata fields based on industry-standard frameworks such as (but not limited to): a. Carnegie Mellon University: Guidelines for Data Classification b. SANS Institute: Tagging Data to Prevent Data Leakage (Forming Content Repositories)
Control implemented
Control ownership
Description
Classify data according to its type and sensitivity level.