|
|
|
|
Division of IT: Security
MU Data Classification SystemWhat is Data Classification?Data classification is a method that allows an organization to categorize information assets and apply security policies in accordance with that categorization. Categorization is done to ensure that sensitive information and information that is protected by law is protected appropriately. Examples of different types regulations and laws that affect how we handle information assets include FERPA, HIPAA, GLB and e-commerce regulations. There are other types of highly-sensitive data that are collected and utilized through research grants. The information obtained through this research includes plant, human and animal research and research of national security interest.Why is it Important?The MU Data Classification System (DCS) provides several benefits. It allows an organization to inventory its information assets. In many cases, information asset owners aren't aware of all of the different types of data they hold. It also allows the Division of Information Technology to work with MU departments to develop specific security requirements, including network security zones, that can be readily utilized.What Does it Mean Specifically to MU Departments?In some cases, the DCS will cause owners of systems and applications to move those systems into a physically and logically secure environment. Whether systems will be required to be housed within MU's data center is dependent on the classification level and the ability of the owner to meet DCS requirements. Applying a data classification policy to information assets may also indicate a need to segregate different types of data. Owners of systems that house multiple classification levels of data can often more readily meet DCS requirements by segregating sensitive data from non-sensitive data. Information owners that have contracted with outside providers have a different challenge. Vendors that provide services for MU departments will be required to demonstrate their ability to meet the DCS security requirements. Contact isam@missouri.edu for a consultation regarding the DCS and how it applies to your department. |